Nmap Development mailing list archives

Re: [RFC PATCH] Add --win option to set receive window size in TCP SYN Scan


From: Fyodor <fyodor () nmap org>
Date: Sun, 12 Jul 2015 23:12:18 -0700

On Wed, Jul 8, 2015 at 7:07 AM, Bernhard Thaler <bernhard.thaler () r-it at>
wrote:

Some IPS seem to detect and block nmap probes due to hard-coded TCP receive
window size of 1024.

Add --win option to set any receive window size 0 < win < 65535 to avoid being
detected by hard-coded window size 1024.


Hi Bernhard, and thanks for the patch!  I feel like Nmap has too many
command line options already, so the bar to adding new ones is pretty high
in terms of how common and essential the option is for users.  In this
case, perhaps there is another solution.  If there is a more common window
size, perhaps we could switch to using that by default.  Or maybe Nmap
could choose from a number of common window sizes at startup, though that
means a bit more complexity and code to maintain than the
choosing-another-static-value approach.  Also, we shouldn't change the
packets sent by OS detection since the window size of those may affect the
responses.

Solutions which are "smart" enough to solve problems without requiring the
user to specify some obscure option are likely to improve the scanning
experience for far more people.  I'm glad you sent the patch though because
it does make it easier for people who do want to change the Window size to
apply your patch and do so.

Cheers,
Fyodor
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
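
The detection side of the signature discussed in this thread, as an added example (not code from Nmap or from either poster): it parses raw IPv4/TCP headers and reports sources that send bare SYNs with a window of 1024 to several distinct ports. The function names, the port threshold and the sample packets are assumptions constructed for illustration.

```python
import socket
import struct
from collections import defaultdict

SYN, ACK = 0x02, 0x10

def parse_tcp_syn(pkt):
    """Return (src_ip, dst_port, window) for a bare IPv4/TCP SYN, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != socket.IPPROTO_TCP:
        return None
    ihl = (pkt[0] & 0x0F) * 4          # IPv4 header length varies with options
    if ihl < 20 or len(pkt) < ihl + 20:
        return None
    _sport, dport, _seq, _ack, off_flags, window = struct.unpack_from("!HHIIHH", pkt, ihl)
    if off_flags & 0x3F != SYN:        # skip SYN/ACK, RST, ...; ECN bits are masked out
        return None
    return socket.inet_ntoa(pkt[12:16]), dport, window

def static_window_sources(packets, window=1024, min_ports=3):
    """Sources that sent SYNs with the given window to >= min_ports distinct ports."""
    ports = defaultdict(set)
    for pkt in packets:
        parsed = parse_tcp_syn(pkt)
        if parsed and parsed[2] == window:
            ports[parsed[0]].add(parsed[1])
    return sorted(src for src, seen in ports.items() if len(seen) >= min_ports)

def build_packet(src, dst, dport, window, flags=SYN):
    """Constructed test input: minimal IPv4+TCP headers, checksums left at zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, socket.IPPROTO_TCP, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIHHHH", 40000, dport, 1, 0, (5 << 12) | flags, window, 0, 0)
    return ip + tcp

# Constructed sample traffic (documentation address ranges, not a real capture).
SAMPLE = (
    [build_packet("192.0.2.10", "198.51.100.5", p, 1024) for p in (22, 80, 443, 3389)]
    + [build_packet("192.0.2.20", "198.51.100.5", p, 29200) for p in (22, 80, 443)]
    + [build_packet("192.0.2.30", "198.51.100.5", 80, 1024)]   # single SYN, below threshold
    + [build_packet("198.51.100.5", "192.0.2.10", 80, 1024, SYN | ACK)]  # reply, not a probe
)

if __name__ == "__main__":
    print(static_window_sources(SAMPLE))
```

A match on one static header value stops working as soon as the sender uses a different window, which is why the sketch also requires fan-out across distinct ports before reporting a source.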
