Nmap - Under the hood
From: skill2die4 () secguru com
Date: Sun, 12 Dec 2004 03:43:41 -0600 (CST)
I am in the process of jotting down the various options available with NMAP
while doing port scanning, collecting ethereal packets for various
scan types and also discussing which scan works best under what
Results at : http://www.secguru.com/forum/viewtopic.php?t=68
However, when I started fiddling with the -sF, -sX and -sN, I found that
most of the machines being scanned are responding back as "open" to
everything. I tried these scan options against M$oft, Fedora and Solaris,
but it reported all ports 'open', which I know ain't true.
The Nmap manpage states, "There are times when even SYN scanning isn't
clandestine enough. Some firewalls and packet filters watch for SYNs to
restricted ports, and programs like Synlogger and Courtney are available
to detect these scans. These advanced scans, on the other hand, may be
able to pass through unmolested."
I got the idea about the scan, but don't have any live example. If you
know any OS (+version) that DOES reply back with RST please let me know!
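
Added example (not part of the original post, and not Nmap's own code): one way to tell the -sF, -sX and -sN probes, and an RST reply, apart in a capture by reading the flag byte of the TCP header. The flag combinations follow Nmap's documentation; build_header() and the sample headers are constructed for illustration.

```python
import struct
from collections import Counter

# TCP flag bits (RFC 793): low six bits of byte 13 of the TCP header
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

def tcp_flags(header: bytes) -> int:
    """Return the six classic flag bits from a raw TCP header."""
    if len(header) < 20:
        raise ValueError("a TCP header is at least 20 bytes")
    return header[13] & 0x3F

def classify(header: bytes) -> str:
    """Label a segment by its flags: scan probe type, RST reply, or other."""
    flags = tcp_flags(header)
    if flags & RST:
        return "rst"            # the reply a closed port sends per RFC 793
    if flags == 0:
        return "null (-sN)"     # no flags set at all
    if flags == FIN:
        return "fin (-sF)"      # FIN alone, no ACK
    if flags == FIN | PSH | URG:
        return "xmas (-sX)"     # FIN, PSH and URG together
    if flags == SYN:
        return "syn"
    return "other"

def summarize(headers) -> Counter:
    """Count how many segments of each kind appear in a capture."""
    return Counter(classify(h) for h in headers)

def build_header(sport: int, dport: int, flags: int) -> bytes:
    """Constructed sample data: minimal 20-byte TCP header, checksum left 0."""
    offset_flags = (5 << 12) | flags    # data offset = 5 words, no options
    return struct.pack("!HHIIHHHH", sport, dport, 0, 0,
                       offset_flags, 1024, 0, 0)

if __name__ == "__main__":
    capture = [                          # constructed, not a real trace
        build_header(40000, 22, FIN),
        build_header(40000, 23, FIN | PSH | URG),
        build_header(40000, 25, 0),
        build_header(25, 40000, RST | ACK),
        build_header(40001, 80, FIN | ACK),   # ordinary connection teardown
    ]
    for kind, count in summarize(capture).items():
        print(f"{kind}: {count}")
```

A FIN carrying ACK is ordinary connection teardown and falls under "other", so only a bare FIN is counted as a -sF probe.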