Very stealth mode for the OS detection

[Nicolas Gregoire <nicolas.gregoire () 7thzone com>]

Hi,

first please excuse my (very) poor english.

I wonder why there isn't a very stealth mode for OS detection
(please note I haven't read nmap-dev mailing-list archive)

Using some kind of "strange" ICMP packets, it would be easy to restrict
in 1 or 2 packets the kind of OS scanned to Win boxes or not Win boxes,
for example.

This stealth mode can, in case of Win boxes, send just the packets where
the answer are different for several Win OSes, or in case of non Win
boxes ask for a "real" OS detection scan.

The only advantage is the very low number of ICMP packets send to the
scanned boxes.

Has this been discussed on nmap-dev ml ?
Does it seem to be a good idea ?

Nicob
nicob () 7thzone com

---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to 
nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).