Nmap Development mailing list archives
Re: portspoof IDS trouble
From: Henri Doreau <henri.doreau () gmail com>
Date: Sun, 29 Jun 2014 15:47:41 +0200
2014-06-24 15:53 GMT+02:00 Jay Bosamiya <jaybosamiya () gmail com>:
> List,
>
> I wrote a patch (attached) that does this. Using --forget-after X makes Nmap forget any host that has more than X open ports.
>
> This patch may need improvement and testing before it can be considered for inclusion and so I have marked the option as experimental. However, I am posting this since Andrew (and others who come across hosts with portspoof) might find this useful.
>
> Cheers,
> Jay
>
> On Tuesday 03 June 2014 08:11 PM, Henri Doreau wrote:
>> A possible approach is to patch nmap to make it forget about every host that has more than X (or X%) of open ports. That would be a nice contribution actually! Would you or one of our GSoC feature creepers be interested? If not I have such a patch somewhere but it would need some improvement before it can be considered for inclusion.
Hi Jay,

thanks for the patch. I'd suggest a couple changes. First, it'd be convenient if the parameter could take either an integer or a percentage (of the number of ports to scan) as an argument. Second, I think it's necessary to indicate in the output why we stopped scanning a given host, just as done with host timeout.

Regards

--
Henri

_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
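The two suggestions in the message above (a limit given as an integer or as a percentage of the ports scanned, and a stated reason for dropping a host) can be illustrated outside Nmap by post-processing grepable (-oG) output. This is an added example, not Jay's patch or Nmap code; the function names and the sample scan data are constructed for illustration.

```python
import re

# Constructed sample of Nmap grepable (-oG) output; addresses are documentation ranges.
SAMPLE_OG = """\
Host: 192.0.2.10 ()\tStatus: Up
Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///\tIgnored State: closed (8)
Host: 192.0.2.66 ()\tStatus: Up
Host: 192.0.2.66 ()\tPorts: 21/open/tcp//ftp///, 22/open/tcp//ssh///, 23/open/tcp//telnet///, 25/open/tcp//smtp///, 53/open/tcp//domain///, 80/open/tcp//http///, 110/open/tcp//pop3///, 143/open/tcp//imap///, 443/open/tcp//https///, 445/filtered/tcp//microsoft-ds///
"""


def parse_limit(arg, ports_scanned):
    """Turn '500' or '80%' into an absolute open-port count (hypothetical helper)."""
    m = re.fullmatch(r"(\d+)(%?)", arg.strip())
    if not m:
        raise ValueError(f"expected N or N%, got {arg!r}")
    n = int(m.group(1))
    if m.group(2):
        if n > 100:
            raise ValueError("percentage must be 0-100")
        return n * ports_scanned // 100  # percentage of the ports scanned
    return n


def flag_hosts(grepable_text, limit_arg):
    """Return {host: reason} for hosts with more open ports than the limit."""
    flagged = {}
    for line in grepable_text.splitlines():
        # Grepable fields are tab-separated "Name: value" pairs.
        fields = dict(f.split(": ", 1) for f in line.split("\t") if ": " in f)
        if "Ports" not in fields:
            continue
        host = fields["Host"].split()[0]
        # Each port entry is "port/state/proto/owner/service/rpc/version/".
        states = [p.split("/")[1] for p in fields["Ports"].split(", ")]
        # Ports collapsed into "Ignored State: closed (N)" were scanned too.
        ignored = sum(int(n) for n in
                      re.findall(r"\((\d+)\)", fields.get("Ignored State", "")))
        scanned = len(states) + ignored
        open_count = states.count("open")
        if open_count > parse_limit(limit_arg, scanned):
            flagged[host] = f"{open_count}/{scanned} ports open, limit {limit_arg}"
    return flagged


if __name__ == "__main__":
    for host, reason in flag_hosts(SAMPLE_OG, "80%").items():
        print(f"dropping {host}: {reason}")
```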
Current thread:
- portspoof IDS trouble Andrew Oko-odion (May 31)
- Re: portspoof IDS trouble Henri Doreau (Jun 03)
- Re: portspoof IDS trouble Jay Bosamiya (Jun 24)
- Re: portspoof IDS trouble Henri Doreau (Jun 29)