Nmap Development mailing list archives
Re: SYN Scan values - article
From: Fyodor <fyodor () insecure org>
Date: Sat, 24 Jun 2006 21:19:51 -0700
On Sun, Jun 25, 2006 at 12:16:19AM -0400, kx wrote:
Re: the RSTs, is it better to allow the host OS to send RSTs or not? I suppose if you use decoys, and they are all real hosts responding with RSTs, you would want to as well so you wouldn't stick out, but what about other cases? Just curious on your and others' thoughts.
We don't have much choice, unless we muck with the host firewall so it doesn't receive the SYN/ACKs (or so that its outgoing RSTs are blocked), neither of which I really want to do. Or Nmap could use a separate IP. I suppose Nmap could have an option for responding with RST itself. Then you'd have to do the firewall changes or use '-S' with a different IP that your host won't respond to. But I haven't seen much demand for this. Cheers, -F _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev
Current thread:
- SYN Scan values - article kx (Jun 21)
- Re: SYN Scan values - article Felix Gröbert (Jun 22)
- Re: SYN Scan values - article Martin Mačok (Jun 23)
- Re: SYN Scan values - article kx (Jun 24)
- Re: SYN Scan values - article Fyodor (Jun 24)
- Re: SYN Scan values - article Martin Mačok (Jun 25)
- Re: SYN Scan values - article kx (Jun 24)