<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

Nmap Development: Finding real host in Nmap -D Scans

Finding real host in Nmap -D Scans

From: Ryan <ryan_at_packetwatch.net>
Date: Sun, 2 Mar 2003 18:25:29 -0600

Hi All,

I was wondering about the decoy scan in nmap. Is there a way to tell
which host in a decoy scan is the real host? I found a post by Dug Song
(http://www.geek-girl.com/ids/1999/0057.html), but these methods won't
work anymore.

First, as Dug Song said nmap now randomizes the ttl fields, and secondly
you can't narrow it down to a host that can run nmap, because nmap can
now be run on Windows systems as well.

Ryan Spangler
http://www.packetwatch.net

---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to
nmap-dev-help_at_insecure.org . List run by ezmlm-idx (www.ezmlm.org).
Received on Mar 03 2003

This message: [ Message body ]
Next message: Kevin Hodle: "RE: Finding real host in Nmap -D Scans"
Previous message: Lifeasitis21_at_aol.com: "additional info on NMapWin on XP"
Next in thread: Kevin Hodle: "RE: Finding real host in Nmap -D Scans"
Maybe reply: Kevin Hodle: "RE: Finding real host in Nmap -D Scans"
Maybe reply: Lampe, John W.: "RE: Finding real host in Nmap -D Scans"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]