Nmap Development mailing list archives

SYN Scan values - article


From: kx <kxmail () gmail com>
Date: Wed, 21 Jun 2006 23:11:24 -0400

I went to digg the Sectools.org site (done), and found this article in
the digg queue.

http://dmiessler.com/study/synpackets/

I think this article raises a good point, probably raised many times
before. We just recently added an MSS of 1460 to the SYN scans, and I
was wondering if we should change these values as well:

Set the DF bit.
Set the TTL to 64 or 128 or vary by OS
Set the Window Size to 65535, 5840 or vary by OS.

Also, another thing I was wondering about, is what does our RST
signature look like compared to real OSes?

I am just trying to think of ways to make our SYN scans stick out less
to potential IDS rules. Curious on your thoughts.

Cheers,
kx


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
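
The header fields named in the message above, as seen from the sensor side: an added example (not part of the original post and not Nmap code) that parses a raw IPv4/TCP SYN and reports which fields differ from the OS-like values the post lists. The function names, the `max_hops` allowance and the sample packets are assumptions constructed for illustration.

```python
import struct

# Values the post lists as typical of real OS stacks; treated here as the baseline.
OS_TTLS = (64, 128)
OS_WINDOWS = (65535, 5840)

def parse_syn(pkt: bytes) -> dict:
    """Pull the fields the post discusses out of a raw IPv4+TCP packet."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (pkt[0] & 0x0F) * 4
    flags_frag, ttl, proto = struct.unpack("!HBB", pkt[6:10])
    tcp = pkt[ihl:]
    if proto != 6 or len(tcp) < 20:
        raise ValueError("not TCP")
    opts, i, mss = tcp[20:(tcp[12] >> 4) * 4], 0, None
    while i < len(opts) and opts[i] != 0:          # kind 0 = end of option list
        if opts[i] == 1:                            # kind 1 = NOP, single byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2:   # malformed length: stop parsing
            break
        if opts[i] == 2 and opts[i + 1] == 4 and i + 4 <= len(opts):
            mss = struct.unpack("!H", opts[i + 2:i + 4])[0]
        i += opts[i + 1]
    return {"syn": (tcp[13] & 0x12) == 0x02, "df": bool(flags_frag & 0x4000),
            "ttl": ttl, "window": struct.unpack("!H", tcp[14:16])[0], "mss": mss}

def anomalies(f: dict, max_hops: int = 30) -> list:
    """Name each field that does not match the baseline (max_hops is an assumption)."""
    out = []
    if not f["df"]:
        out.append("df-clear")
    if not any(0 <= t - f["ttl"] <= max_hops for t in OS_TTLS):
        out.append("ttl")
    if f["window"] not in OS_WINDOWS:
        out.append("window")
    if f["mss"] is None:
        out.append("no-mss")
    return out

def build_syn(df: bool, ttl: int, window: int, mss=None) -> bytes:
    """Constructed sample packet: checksums zero, TEST-NET-1 addresses."""
    opts = struct.pack("!BBH", 2, 4, mss) if mss else b""
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, (5 + len(opts) // 4) << 4,
                      0x02, window, 0, 0) + opts
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 1, 0x4000 if df else 0,
                       ttl, 6, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])) + tcp
```

The TTL test compares the observed value against each baseline initial TTL minus a plausible hop count, since a sensor never sees the initial value itself.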

