Penetration Testing mailing list archives

Re: NMAP Concurrent Scans


From: Tim <tim-pentest () sentinelchicken org>
Date: Fri, 10 Aug 2007 13:46:12 -0400

I was wondering whether running SYN, FIN, XMAS, NULL
and ACK scans in parallel on a target generates false
results. Since the same client IP is asking for opening &
closing a connection on the target machine, will it not
render some ports open and others closed in the
report?

Assuming nmap is using random source ports (which it does by default),
even if you're scanning the same port, it's relatively unlikely the
4-tuple (source ip, dest ip, source port, dest port) will be identical.
Remember, this 4-tuple is what uniquely identifies a connection.

HTH,
tim
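
An added illustration of the point in the reply above (not part of the original post, and not nmap's code): a flow table keyed on the 4-tuple, run over constructed probe records, plus the chance that concurrent scans share a source port. It assumes each scan uses one source port drawn uniformly at random from 1024-65535; all function names and sample values are hypothetical.

```python
from collections import defaultdict

# Constructed probe records: (scan type, src ip, src port, dst ip, dst port).
# Addresses are documentation ranges; source ports are made-up values.
PROBES = [
    ("SYN",  "192.0.2.10", 40112, "198.51.100.5", 80),
    ("FIN",  "192.0.2.10", 51877, "198.51.100.5", 80),
    ("XMAS", "192.0.2.10", 36420, "198.51.100.5", 80),
    ("NULL", "192.0.2.10", 58003, "198.51.100.5", 80),
    ("ACK",  "192.0.2.10", 40112, "198.51.100.5", 80),   # reuses the SYN scan's port
    ("SYN",  "192.0.2.10", 40112, "198.51.100.5", 443),  # same port, other target port
]

def group_by_4tuple(probes):
    """Map (src ip, dst ip, src port, dst port) -> scan types seen on that flow."""
    flows = defaultdict(list)
    for scan, sip, sport, dip, dport in probes:
        flows[(sip, dip, sport, dport)].append(scan)
    return dict(flows)

def colliding_flows(probes):
    """Flows where probes from more than one scan type share the same 4-tuple.

    Only here could the target (or the scanner matching replies to probes)
    confuse one scan's traffic with another's.
    """
    return {k: v for k, v in group_by_4tuple(probes).items() if len(set(v)) > 1}

def collision_probability(n_scans, port_space=65535 - 1024 + 1):
    """P(at least two of n_scans share a source port) for one fixed target port.

    Assumption: each scan independently picks one source port uniformly at
    random from port_space values (birthday-style calculation).
    """
    p_distinct = 1.0
    for i in range(n_scans):
        p_distinct *= 1 - i / port_space
    return 1 - p_distinct

if __name__ == "__main__":
    for flow, scans in colliding_flows(PROBES).items():
        print("shared 4-tuple:", flow, scans)
    print("P(collision, 5 concurrent scans) = %.6f" % collision_probability(5))
```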
