mailing list archives
Re: Very cool scanning technique, nmap?
From: Mikael Olsson <mikael.olsson () enternet se>
Date: Mon, 31 Jul 2000 14:59:41 +0200
Lance Spitzner wrote:
He tries the following packet combos:
... and at the end, he goes for a XMAS+YMAS+SYN packet..
By the way, the two first packets come SYN, SYN+ACK in the
second scan. I'm going to go ahead and assume that this
was the intended order:
Looking at the timings, it isn't too far fetched to assume
that the two first packets were simply reordered during
Weird scan, by the way. I can't really see how the
combination would do any good. I'd guess that it's some
sort of brutish scanner that volleys everything in its
arsenal at the destination (sans NULL and ACK probes) and
hopes for something in return to either one of the packets.
(It could be some old outdated DoS attack too. Who knows)
I'm not aware of any scanner behaving this way. Anyone else?
Maybe some digging in the incidents lists would show some
Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK
Phone: +46 (0)660 29 92 00 Direct: +46 (0)660 29 92 05
Mobile: +46 (0)70 66 77 636 Fax: +46 (0)660 122 50
WWW: http://www.enternet.se/ E-mail: mikael.olsson () enternet se
For help using this (nmap-hackers) mailing list, send a blank email to
nmap-hackers-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).