From: "Bep Verberk" <verberk () nortelnetworks com>
Date: Thu, 10 Feb 2000 08:49:56 -0500
It's easy to do a custom hack to fool nmap, but it's "custom", it's on my
few boxes alone.
I would not like to see nmap evolving to work around every possible customization that
comes along - unless of course a particular little trick becomes widespread - but then it
actually becomes a useful fingerprint.
IMHO the preferred approach is continued addition of ways to customize and randomize
scans, so that the scanning itself does not have a predictable fingerprint.
BTW, anyone working on an ID tool that fingerprints nmap? Something that
would identify an nmap scan, the type of scan, the version of nmap, the OS the
scan was run from, etc.
verberk () nortelnetworks com