Nmap Development: Finding real host in Nmap -D Scans

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Nmap Development mailing list archives

Finding real host in Nmap -D Scans

From: "Ryan" <ryan () packetwatch net>
Date: Sun, 2 Mar 2003 18:25:29 -0600

Hi All,

I was wondering about the decoy scan in nmap.  Is there a way to tell
which host in a decoy scan is the real host?  I found a post by Dug Song
(http://www.geek-girl.com/ids/1999/0057.html), but these methods won't
work anymore.

First, as Dug Song said nmap now randomizes the ttl fields, and secondly
you can't narrow it down to a host that can run nmap, because nmap can
now be run on Windows systems as well.

Ryan Spangler
http://www.packetwatch.net


---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to 
nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).

By Date By Thread

Current thread:

Finding real host in Nmap -D Scans Ryan (Mar 02)
- <Possible follow-ups>
- RE: Finding real host in Nmap -D Scans Kevin Hodle (Mar 03)
  - Re: Finding real host in Nmap -D Scans H D Moore (Mar 03)
  - Re: Finding real host in Nmap -D Scans Fyodor (Mar 03)
- RE: Finding real host in Nmap -D Scans Lampe, John W. (Mar 03)
  - RE: Finding real host in Nmap -D Scans Alexander Bartolich (Mar 04)