Nmap Announce mailing list archives

Re: fooling nmap

From: "The Cyberiad" <cyberiad () cyberus ca>
Date: Fri, 11 Feb 2000 14:21:52 -0500

Fyodor might help with this. But to recognize OS, one would need to do
an nMap scan against the scanning host :) And that topic always brings a
thread that talks about 'legality' of counter-scan, etc, etc :)


The scanning computer's stack will respond to your own computer's
response. Trap _this_ response packet and use the IP and TCP field
information to characterize the scanning computer's OS.  There will 
certainly be less data points to work with and perhaps less information in
this packet than if you initiated a counter-scan of your own.

Has anyone investigated this ?

Cyberiad

Current thread:

Intrusion detection question. Daniel Swan (Feb 09)
- Re: Intrusion detection question. Vanja Hrustic (Feb 09)
  - Re: Intrusion detection question. Jose Nazario (Feb 10)
  - fooling nmap Bep Verberk (Feb 10)
    - Re: fooling nmap Lance Spitzner (Feb 10)
    - Re: fooling nmap CyberPsychotic (Feb 11)
    - Re: fooling nmap Vanja Hrustic (Feb 11)
    - Re: fooling nmap The Cyberiad (Feb 11)
- Re: Intrusion detection question. Michel Arboi (Feb 10)
  - Re: Intrusion detection question. Tomi Ollila (Feb 10)
    - Re: Intrusion detection question. Michel Arboi (Feb 14)
    - Re: Intrusion detection question. Tomi Ollila (Feb 21)
  - Re: Intrusion detection question. Bart van Leeuwen (Feb 10)