Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: SYN Scan values - article

From: Fyodor <fyodor () insecure org>
Date: Sat, 24 Jun 2006 21:19:51 -0700
On Sun, Jun 25, 2006 at 12:16:19AM -0400, kx wrote:


  Re: the RSTs, is it better to allow the host OS to send RSTs or not?
 I suppose if you use decoys, and they are all real hosts responding
with RSTs, you would want to as well so you wouldn't stick out, but
what about other cases?  Just curious on your and others' thoughts.


We don't have much choice, unless we muck with the host firewall so it
doesn't receive the SYN/ACKs (or so that its outgoing RSTs are
blocked), neither of which I really want to do.  Or Nmap could use a
separate IP.

I suppose Nmap could have an option for responding with RST itself.
Then you'd have to do the firewall changes or use '-S' with a
different IP that your host won't respond to.  But I haven't seen much
demand for this.

Cheers,
-F


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Previous By Date Next
Previous By Thread Next

Current thread: