Home page logo

Nmap Announce mailing list archives

Re: Are these signatures nmap?
From: Max Vision <vision () whitehats com>
Date: Mon, 22 May 2000 22:59:06 -0700 (PDT)

On Tue, 23 May 2000, Denis Ducamp wrote:
On Mon, May 22, 2000 at 08:25:19AM -0500, Lance Spitzner wrote:
Recently my network was scanned.  I do not think
this was nmap.  If not, does anyone have any
idea which tools this was?

I have no idea which "scanner" it is but I couldn't use such paquets to scan
a host. Tried against linux 2.2.13 and WinNT4SP5 but none of them replied. I
don't think that it's a port scanner.

Ditto-  when I first saw this post I whipped up a portscanner that would
yield the exact same signature.  It doesn't seem to elicit any response,
to closed or open ports. Tried against windows, linux, solaris,
openbsd, routers... I didn't expect a response, but then, now I've
verified it.  Looks like netjunk, someone messing around? :)

05/22-22:58:26.575900 xxx.xxx.xxx.xxx:31337 -> xxx.xxx.xxx.xxx:23
TCP TTL:64 TOS:0x10 ID:242  DF
***FRP** Seq: 0xA1D95   Ack: 0x53   Win: 0x400


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]