Nmap Development mailing list archives
Re: decoys and limiting outbound RST packets
From: Michael Rash <mbr () cipherdyne org>
Date: Sun, 2 Jan 2005 18:14:10 -0500
On Jan 02, 2005, Martin Ma?ok wrote:
On Sat, Jan 01, 2005 at 05:19:30PM -0500, Michael Rash wrote:Proposed solution: Provide an interface to use a local packet filter (if available) to restrict outbound RST packets to the target for the duration of any scan that causes unsolicited SYN/ACK packets to be sent to the scanning system.In this case, the target could send SYN+ACK probe to every non-responding IP after the scan. If there is an IP that responds then it is the IP of the scanner.
That's true, but does this mean the RST blocking feature is not useful? How many people are actually going to do this vs. just watch RST packets coming back (or lack thereof)? The main advantage in having this feature integrated directly with Nmap is that the target must be less confident about how the scanner's IP appears to behave. If a patch happens to appear that implements this, is there any reason that it shouldn't be accepted? --Mike Michael Rash http://www.cipherdyne.org/ Key fingerprint = 53EA 13EA 472E 3771 894F AC69 95D8 5D6B A742 839F --------------------------------------------------------------------- For help using this (nmap-dev) mailing list, send a blank email to nmap-dev-help () insecure org . List archive: http://seclists.org
Current thread:
- decoys and limiting outbound RST packets Michael Rash (Jan 01)
- Re: decoys and limiting outbound RST packets Slarty (Jan 02)
- Re: decoys and limiting outbound RST packets Martin Mačok (Jan 02)
- Re: decoys and limiting outbound RST packets Michael Rash (Jan 02)
- Re: decoys and limiting outbound RST packets Martin Mačok (Jan 02)
- Re: decoys and limiting outbound RST packets Michael Rash (Jan 02)
- Re: decoys and limiting outbound RST packets Martin Mačok (Jan 03)
- Re: decoys and limiting outbound RST packets Martin Mačok (Jan 02)
- Re: decoys and limiting outbound RST packets Slarty (Jan 02)
- Re: decoys and limiting outbound RST packets Michael Rash (Jan 02)
- <Possible follow-ups>
- RE: decoys and limiting outbound RST packets robert (Jan 05)