Nmap Development mailing list archives
Re: [RFC PATCH] Add --win option to set receive window size in TCP SYN Scan
From: Jacek Wielemborek <d33tah () gmail com>
Date: Mon, 13 Jul 2015 12:20:45 +0200
W dniu 13.07.2015 o 08:12, Fyodor pisze:
On Wed, Jul 8, 2015 at 7:07 AM, Bernhard Thaler <bernhard.thaler () r-it at> wrote:Some IPS seem to detect and block nmap probes due to hard-coded TCP receive window size of 1024. Add --win option to set any receive window size 0 < win < 65535 to avoid being detected by hard-coded window size 1024.(...) Solutions which are "smart" enough to solve problems without requiring the user to specify some obscure option are likely to improve the scanning experience for far more people.
The question is then - can you think of a smart way to detect that this specific window size is blocked?
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Sent through the dev mailing list https://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [RFC PATCH] Add --win option to set receive window size in TCP SYN Scan Bernhard Thaler (Jul 08)
- Re: [RFC PATCH] Add --win option to set receive window size in TCP SYN Scan David Fifield (Jul 08)
- Re: [RFC PATCH] Add --win option to set receive window size in TCP SYN Scan Daniel Miller (Jul 08)
- Re: [RFC PATCH] Add --win option to set receive window size in TCP SYN Scan Fyodor (Jul 12)
- Re: [RFC PATCH] Add --win option to set receive window size in TCP SYN Scan Jacek Wielemborek (Jul 13)
- Re: [RFC PATCH] Add --win option to set receive window size in TCP SYN Scan bernhard . thaler (Jul 13)
- Re: [RFC PATCH] Add --win option to set receive window size in TCP SYN Scan Daniel Miller (Jul 13)
- Re: [RFC PATCH] Add --win option to set receive window size in TCP SYN Scan Fyodor (Jul 19)
- Re: [RFC PATCH] Add --win option to set receive window size in TCP SYN Scan David Fifield (Jul 08)