Nmap Development mailing list archives
Re: [RFC PATCH] Add --win option to set receive window size in TCP SYN Scan
From: Daniel Miller <bonsaiviking () gmail com>
Date: Wed, 8 Jul 2015 11:53:16 -0500
On Wed, Jul 8, 2015 at 11:21 AM, David Fifield <david () bamsoftware com> wrote:
On Wed, Jul 08, 2015 at 04:07:44PM +0200, Bernhard Thaler wrote:Some IPS seem to detect and block nmap probes due to hard-coded TCPreceivewindow size of 1024.Do you happen to know which ones? I am curious. This would definitely stop p0f from detecting Nmap. Here are its
signatures (5th field is TCP Window size, scale): label = s:!:NMap:SYN scan sys = @unix,@win sig = *:64-:0:1460:1024,0:mss::0 sig = *:64-:0:1460:2048,0:mss::0 sig = *:64-:0:1460:3072,0:mss::0 sig = *:64-:0:1460:4096,0:mss::0 Dan
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [RFC PATCH] Add --win option to set receive window size in TCP SYN Scan Bernhard Thaler (Jul 08)
- Re: [RFC PATCH] Add --win option to set receive window size in TCP SYN Scan David Fifield (Jul 08)
- Re: [RFC PATCH] Add --win option to set receive window size in TCP SYN Scan Daniel Miller (Jul 08)
- Re: [RFC PATCH] Add --win option to set receive window size in TCP SYN Scan Fyodor (Jul 12)
- Re: [RFC PATCH] Add --win option to set receive window size in TCP SYN Scan Jacek Wielemborek (Jul 13)
- Re: [RFC PATCH] Add --win option to set receive window size in TCP SYN Scan bernhard . thaler (Jul 13)
- Re: [RFC PATCH] Add --win option to set receive window size in TCP SYN Scan Daniel Miller (Jul 13)
- Re: [RFC PATCH] Add --win option to set receive window size in TCP SYN Scan Fyodor (Jul 19)
- Re: [RFC PATCH] Add --win option to set receive window size in TCP SYN Scan David Fifield (Jul 08)