Nmap Development mailing list archives

Re: [PATCH] TCP Idle Scan in IPv6


From: "Mathias Morbitzer" <m.morbitzer () runbox com>
Date: Mon, 23 Sep 2013 10:06:27 +0200 (CEST)

On Fri, 20 Sep 2013 13:29:53 -0700, David Fifield <david () bamsoftware com> wrote:

> > Also, my master's thesis, in which I explain the TCP Idle Scan in IPv6, is
> > now finished and online:
> > http://www.ru.nl/publish/pages/578936/m_morbitzer_masterthesis.pdf


For people who do not want to read the whole thesis, I also wrote an article which only deals with the TCP Idle Scan in
IPv6, and not with its two alternatives, the RST Rate Limit Scan and the SYN Cache Scan.
It is available here:
https://www.researchgate.net/publication/256846709_TCP_Idle_Scans_in_IPv6/file/9c960523ff1da8b77a.pdf

> I found it interesting in section 4.1, that Windows 8 uses a global
> identifier counter, but gives it a different offset for each host.

This is indeed my favorite discovery of the whole research. No clue why anyone would do this. Maybe to make the
identifiers look random?
But if so, why not use a random value right away? If anybody knows or thinks they know the reason for this, please share
your ideas with me!

> I also didn't know that OpenBSD counts both incoming and outgoing segments
> for the purpose of RST rate limiting (section 5.1).
 
Also very interesting for me. The man page of OpenBSD says that only incoming segments are counted, but my tests say
it's outgoing segments as well.

> I'm working now on merging your patch.

Great! Feels good to know that my code will end up in Nmap!


Mathias Morbitzer
_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
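The exchange above turns on one observation: a zombie whose IPv6 fragment Identification counter is global, but shifted by a different offset for each host it talks to, still leaks the same per-packet increment to every observer, so the idle scan works against it unchanged. The following is an added worked model of that point, written for this page; it is not code from Nmap, from the thesis, or from either correspondent. Everything in it is an assumption for illustration: the zombie model and its placeholder offset derivation (the real Windows 8 selection is not described here), the addresses under 2001:db8::/32, the function names, and the simplification that every packet the zombie sends already carries a Fragment header (in a real scan the attacker first has to force that, for example by making the zombie believe the path MTU is below 1280 bytes).

```python
"""Toy model of the TCP Idle Scan over IPv6 against a zombie whose fragment
Identification counter is global but shifted by a per-host offset.

Added illustration, not Nmap or thesis code.  Assumptions of the model:
  * every packet the zombie sends carries a Fragment header, so its
    Identification is observable; the model returns the ID of each packet.
  * the per-host offset is an arbitrary 32-bit value fixed when a peer is
    first seen; the derivation below is a reproducible placeholder only.
  * open target port: target answers the spoofed SYN with a SYN/ACK, the
    zombie rejects it with one RST.  Closed or filtered: the zombie sends
    nothing (a RST from the target is dropped silently).
"""
from dataclasses import dataclass, field

ID_MASK = 0xFFFFFFFF  # IPv6 Fragment header Identification is 32 bits


@dataclass
class OffsetCounterZombie:
    """One global counter; each peer sees it shifted by its own offset."""
    global_counter: int = 0
    offsets: dict = field(default_factory=dict)

    def _offset(self, peer: str) -> int:
        # Placeholder derivation (assumption), chosen only to be reproducible.
        if peer not in self.offsets:
            self.offsets[peer] = (sum(map(ord, peer)) * 2654435761) & ID_MASK
        return self.offsets[peer]

    def send_fragmented(self, peer: str) -> int:
        """Emit one fragmented packet to `peer`; return its Identification."""
        ident = (self.global_counter + self._offset(peer)) & ID_MASK
        self.global_counter = (self.global_counter + 1) & ID_MASK
        return ident


def target_handles_spoofed_syn(port_state: str, zombie: OffsetCounterZombie,
                               target_addr: str) -> None:
    """Target receives a SYN whose source was forged to the zombie's address."""
    if port_state == "open":
        # SYN/ACK reaches the zombie, which never opened a connection and
        # answers with a RST: one more fragmented packet on the global counter.
        zombie.send_fragmented(target_addr)
    # closed: the target's RST is dropped by the zombie.  filtered: nothing.


def idle_scan_port(zombie: OffsetCounterZombie, port_state: str,
                   background_packets: int = 0,
                   attacker: str = "2001:db8::a",
                   target: str = "2001:db8::t") -> str:
    """Three-step idle scan: sample the ID, spoof a SYN, sample again.

    `background_packets` models a zombie that is not idle: packets to some
    other host inflate the delta and spoil the inference.
    """
    before = zombie.send_fragmented(attacker)        # attacker's probe 1
    target_handles_spoofed_syn(port_state, zombie, target)
    for _ in range(background_packets):
        zombie.send_fragmented("2001:db8::noise")      # unrelated traffic
    after = zombie.send_fragmented(attacker)         # attacker's probe 2
    delta = (after - before) & ID_MASK               # wrap-safe difference
    if delta == 2:
        return "open"
    if delta == 1:
        return "closed|filtered"
    return "unknown"  # zombie was not idle; a real scanner retries


def compare_views(zombie: OffsetCounterZombie, host_a: str, host_b: str):
    """Two hosts sample the zombie twice each, interleaved.

    Returns (increment seen by A, increment seen by B, difference of their
    absolute IDs).  The offsets make the absolute values disagree, but both
    observers see the same global increment, which is all the scan needs.
    """
    a1 = zombie.send_fragmented(host_a)
    b1 = zombie.send_fragmented(host_b)
    a2 = zombie.send_fragmented(host_a)
    b2 = zombie.send_fragmented(host_b)
    return (a2 - a1) & ID_MASK, (b2 - b1) & ID_MASK, (a1 - b1) & ID_MASK


if __name__ == "__main__":
    z = OffsetCounterZombie()
    for state in ("open", "closed", "filtered"):
        print(f"{state:9s} -> {idle_scan_port(z, state)}")
    print("not idle  ->", idle_scan_port(z, "open", background_packets=3))
    print("views     ->", compare_views(z, "2001:db8::1", "2001:db8::2"))
```

The delta is taken modulo 2^32 so the inference survives the counter wrapping between the two probes; the per-host offset only changes where each observer's view of the counter starts, never how far it moves.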
