Nmap Development mailing list archives
Re: Uniquely identifying an Nmap install from NSE?
From: Ben Rosenberg <suicidalbob () gmail com>
Date: Fri, 7 Aug 2009 17:26:23 -0700
On Fri, Aug 7, 2009 at 3:31 PM, Ron <ron () skullsecurity net> wrote:
> On 08/07/2009 05:19 PM, Brandon Enright wrote:
>> What about stealing one from the conficker playbook and use the current week as a source of entropy. Something like
>>
>> svcname = hash(localip + localmac + remoteip + week)
>>
>> Still not much entropy but certainly raising the bar above just MAC.
>>
>> Brandon
>
> I don't think including the week or remoteip would make a considerable difference, since they're going to be known to the attacker. But hashing the localip and localmac together is a good idea, it'd create a significantly more difficult bruteforce.
>
> Ron
>
> --
> Ron Bowes
> http://www.skullsecurity.org/

Something like the current Unix timestamp plus the 3rd and 6th octets of the source's MAC would give a decent sized number and would not contain enough information to necessarily give away the identity of whoever is initiating the connection. Though I guess the collision rate for that might be less than optimal.

Ben

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
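
The two derivations discussed in this message, side by side, with the guessing space and collision rate they imply. This is an added example, not code from the thread or from Nmap. SHA-1, the `|` separator, the 16-hex-digit truncation, the nominal field widths and the sample addresses are assumptions of the example.

```python
import hashlib
import math

# Nominal field widths in bits: upper bounds on guessing work, not measured entropy.
# "week" is 0 because anyone can derive it from the calendar.
FIELD_BITS = {"localip": 32, "localmac": 48, "remoteip": 32, "week": 0}
WEEK_SECONDS = 7 * 24 * 3600

def week_number(unix_ts):
    """Whole weeks since the Unix epoch; the value changes once every 7 days."""
    return unix_ts // WEEK_SECONDS

def svcname_hash(localip, localmac, remoteip, unix_ts):
    """hash(localip + localmac + remoteip + week) from the quoted message.
    SHA-1, the '|' separator and the 16-hex-digit truncation are assumptions."""
    material = "|".join([localip, localmac.lower(), remoteip, str(week_number(unix_ts))])
    return hashlib.sha1(material.encode("ascii")).hexdigest()[:16]

def timestamp_mac_id(localmac, unix_ts):
    """Unix timestamp followed by the 3rd and 6th octets of the source MAC."""
    octets = localmac.lower().split(":")
    if len(octets) != 6:
        raise ValueError("expected a MAC address of six colon-separated octets")
    return f"{unix_ts}{octets[2]}{octets[5]}"

def unknown_bits(fields, known):
    """Bits left to guess for someone who already knows the fields in `known`."""
    return sum(FIELD_BITS[name] for name in fields if name not in known)

def collision_probability(n_installs, bits):
    """Birthday approximation: chance that at least two of n installs get the
    same value when each draws uniformly from a space of 2**bits."""
    return 1.0 - math.exp(-n_installs * (n_installs - 1) / (2 * 2 ** bits))

if __name__ == "__main__":
    ts = 1249691183  # constructed sample: the Date header of this message, in UTC seconds
    mac, src, dst = "00:11:22:33:44:55", "192.0.2.10", "192.0.2.20"  # constructed
    print(svcname_hash(src, mac, dst, ts), timestamp_mac_id(mac, ts))
    print(unknown_bits(["localmac"], set()))
    print(unknown_bits(["localip", "localmac", "remoteip", "week"], {"remoteip", "week"}))
    print(round(collision_probability(300, 16), 3))
```

The 16 bits passed to `collision_probability` are the two MAC octets of the timestamp scheme, so the figure applies to installs that start within the same second.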