Home page logo
/

Nmap Announce mailing list archives

Re: how to know scan is correct?
From: Simple Nomad <thegnome () nmrc org>
Date: Wed, 9 Feb 2000 16:52:53 -0600 (CST)

Well, I think that if all networked systems used state tables you would
eliminate almost everything. Unfortunately pretty much all systems do not
use the built in state tables. This is actually one of the first
modifications I make on a new system via kernel patching -- so it really
only applies to open sourced operating systems -- but it eliminates all of
the TCP scans from finding open ports except TCP connect, which can be
controlled any number of ways.

-         Simple Nomad          -  No rest for the Wicca'd  -
-      thegnome () nmrc org        -        www.nmrc.org       -
-  thegnome () razor bindview com  -      www.bindview.com     -

On Wed, 9 Feb 2000, Reinoud Koornstra wrote:

Nice issue.
And..... are there any suggestions for this:

Assume i have a machine running ipf which deals with the traffic from
outside.
Behind that machine is an entire netwerk using ipnat.
Now some one uses nmap on me to see what is open and what isnt.
Now, ipf notices a packet... (fyn scan) does nothing with it but redirects
it to another machine on the network on which the port is closed.
Then nmap will think the port on the firewalled machine is closed while
nmap really got the results from another machine without knowing it.
A friend of mine deals this way with this kind of scans and fooling nmap
completly.


Bye,

Reinoud.




  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]