Nmap Development mailing list archives
Re: portspoof IDS trouble
From: Jay Bosamiya <jaybosamiya () gmail com>
Date: Tue, 24 Jun 2014 19:23:55 +0530
List, I wrote a patch (attached) that does this. Using --forget-after X makes Nmap forget any host that has more than X open ports. This patch may need improvement and testing before it can be considered for inclusion and so I have marked the option as experimental. However, I am posting this since Andrew (and others who come across hosts with portspoof) might find this useful. Cheers, Jay On Tuesday 03 June 2014 08:11 PM, Henri Doreau wrote:
A possible approach is to patch nmap to make it forget about every host that have more than X (or X%) of open ports. That would be a nice contribution actually! Would you or one of our GSoC feature creepers be interested? If not I have such a patch somewhere but it would need some improvement before it can be considered for inclusion.
Attachment:
forgetAfter.patch
Description:
_______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- portspoof IDS trouble Andrew Oko-odion (May 31)
- Re: portspoof IDS trouble Henri Doreau (Jun 03)
- Re: portspoof IDS trouble Jay Bosamiya (Jun 24)
- Re: portspoof IDS trouble Henri Doreau (Jun 29)
- Re: portspoof IDS trouble Jay Bosamiya (Jun 24)
- Re: portspoof IDS trouble Henri Doreau (Jun 03)