Home page logo

Nmap Announce mailing list archives

Re: nmap's "-S" option and linux SAV
From: Michel Arboi <arboi () bigfoot com>
Date: 16 Jul 2000 11:21:04 +0200

tech_related () ip pt writes:

Does the kernel's SAV always prove incapable of blocking nmap's
scans using spoofed packets? Or am I missing something? 

I am afraid you are missing something. There is nothing magic about
SAV in the TCP/IP stack, because faked packets just look like "genuine"
packets. There is only one way to identify them:
e.g., if you receive on your external interface, packets that
"originate" from your internal network.

mailto:arboi () bigfoot com     http://www.bigfoot.com/~arboi/
GPG Public keys: http://www.bigfoot.com/~arboi/pubkey.txt

For help using this (nmap-hackers) mailing list, send a blank email to 
nmap-hackers-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]