Re: fooling nmap
From: "The Cyberiad" <cyberiad () cyberus ca>
Date: Fri, 11 Feb 2000 14:21:52 -0500
Fyodor might help with this. But to recognize OS, one would need to do
an Nmap scan against the scanning host :) And that topic always brings a
thread that talks about 'legality' of counter-scan, etc., etc. :)
The scanning computer's stack will respond to your own computer's
response. Trap _this_ response packet and use the IP and TCP field
information to characterize the scanning computer's OS. There will
certainly be fewer data points to work with and perhaps less information in
this packet than if you initiated a counter-scan of your own.
Has anyone investigated this?
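
Added example, not part of the original message: a minimal Python sketch of the passive approach described above, which reads the IP and TCP header fields of a single captured response packet without sending anything back. The function name, the selection of fields, and the sample packet (built inline with documentation-range addresses) are assumptions made for illustration.

```python
import struct

# Initial TTLs commonly used by IP stacks; the observed TTL is rounded up to one.
COMMON_INITIAL_TTLS = (32, 64, 128, 255)
OPTION_NAMES = {0: "EOL", 1: "NOP", 2: "MSS", 3: "WS", 4: "SACKOK", 8: "TS"}

def fingerprint_fields(packet: bytes) -> dict:
    """Extract passive-fingerprinting fields from a raw IPv4 packet carrying TCP."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    flags_frag, ttl, proto = struct.unpack("!HBB", packet[6:10])
    if proto != 6 or ihl < 20 or len(packet) < ihl + 20:
        raise ValueError("no complete TCP header")
    tcp = packet[ihl:]
    offset_flags, window = struct.unpack("!HH", tcp[12:16])
    data_off = (offset_flags >> 12) * 4
    if data_off < 20 or len(tcp) < data_off:
        raise ValueError("bad TCP data offset")
    opts, layout, mss, i = tcp[20:data_off], [], None, 0
    while i < len(opts):  # option order itself differs between stacks
        kind = opts[i]
        layout.append(OPTION_NAMES.get(kind, str(kind)))
        if kind == 0:
            break
        if kind == 1:
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("truncated TCP option")
        if kind == 2 and opts[i + 1] == 4:
            mss = struct.unpack("!H", opts[i + 2:i + 4])[0]
        i += opts[i + 1]
    guess = next(t for t in COMMON_INITIAL_TTLS if t >= ttl)
    return {"ttl": ttl, "initial_ttl_guess": guess, "df": bool(flags_frag & 0x4000),
            "window": window, "tcp_flags": offset_flags & 0x3F,
            "mss": mss, "options": layout}

# Constructed sample: an ACK from 192.0.2.10 with NOP,NOP,Timestamp options.
SAMPLE = (
    struct.pack("!BBHHHBBH4s4s", 0x45, 0, 52, 0x1C46, 0x4000, 57, 6, 0,
                bytes([192, 0, 2, 10]), bytes([198, 51, 100, 5]))
    + struct.pack("!HHIIHHHH", 40000, 80, 1, 1, 0x8010, 32120, 0, 0)
    + bytes([1, 1, 8, 10]) + struct.pack("!II", 1000, 2000)
)

if __name__ == "__main__":
    print(fingerprint_fields(SAMPLE))
```

A bare RST carries no TCP options, so for that kind of response only the TTL, DF bit and window remain, which matches the point above about having fewer data points than an active scan.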