Nmap Development mailing list archives
Re: Finding real host in Nmap -D Scans
From: Fyodor <fyodor () insecure org>
Date: Mon, 3 Mar 2003 22:16:42 -0800
On Mon, Mar 03, 2003 at 11:26:38PM -0600, Kevin Hodle wrote:
> With most broadband providers, this is an obsolete method of port scanning. Broadband companies like comca$t have very strict egress filters,

Obsolete? Hardly. While many broadband and dialup providers have finally implemented some form of egress filtering, most aren't what I would consider "very strict". Usually attackers can at least spoof any IP on the same class C. My ATT cable modem can spoof a range of literally thousands of IPs. And that is all that matters for many users who are simply trying to camouflage their exact IP.

Sure, many cable modem/DSL/dialup users can't spoof entirely arbitrary IP addresses directly, but they often can do that from the first corporate/university/Korean box that they own. And those boxes likely have superior bandwidth for scanning anyway.

Of course, I don't advocate compromising systems or even using decoys to hide scanning activity. I proudly perform virtually all of my Nmap scanning from my own networks, and rarely receive complaints. This is because I try to keep the scans unintrusive and targeted (not millions of machines). I also get consent first where practical.

And for those who insist on spoofed scans, at least consider the new Nmap Idlescan technique described at http://www.insecure.org/nmap/idlescan.html . It is much sexier than decoys, and also more stealthy. Of course it is slower than decoys, but you can't have everything!

Cheers,
Fyodor
http://www.insecure.org/