mailing list archives
Re: Are these signatures nmap?
From: Max Vision <vision () whitehats com>
Date: Mon, 22 May 2000 22:59:06 -0700 (PDT)
On Tue, 23 May 2000, Denis Ducamp wrote:
On Mon, May 22, 2000 at 08:25:19AM -0500, Lance Spitzner wrote:
Recently my network was scanned. I do not think
this was nmap. If not, does anyone have any
idea which tools this was?
I have no idea which "scanner" it is but I couldn't use such paquets to scan
a host. Tried against linux 2.2.13 and WinNT4SP5 but none of them replied. I
don't think that it's a port scanner.
Ditto- when I first saw this post I whipped up a portscanner that would
yield the exact same signature. It doesn't seem to elicit any response,
to closed or open ports. Tried against windows, linux, solaris,
openbsd, routers... I didn't expect a response, but then, now I've
verified it. Looks like netjunk, someone messing around? :)
05/22-22:58:26.575900 xxx.xxx.xxx.xxx:31337 -> xxx.xxx.xxx.xxx:23
TCP TTL:64 TOS:0x10 ID:242 DF
***FRP** Seq: 0xA1D95 Ack: 0x53 Win: 0x400