Home page logo

nmap-dev logo Nmap Development mailing list archives

nmap and another idea
From: <phaseone () sio midco net>
Date: Fri, 13 Feb 2004 09:08:21 -0600

we all can say that nmap , in it's current state, does a wonderful job. but we also realize that some of it's features 
are lacking.
one nmap option that i have noticed that could be looked into a bit more, is the fingerprinting methods that it uses. 
using several packets and needing 1 closed and 1 open port doesn't really do much for keeping traffic and anonymity 
down to a minimum (which should be the goal to strive for when gleaming and passively gathering data)

i have read about using RTO (reset time out) analyses using a tool like RING http://www.planb-security.net/wp/ring.html
this concept is quite unique, in that it only needs 1 PACKET / 1 PORT to do it's job. it simply sends the standard SYN 
, waits for the SYN/ACK and then lets the socket end time out on the target , using the RTO value from the stack 
(specific to each vendor) and then pulling that value from a predefined database signature list.

now i understand that nmap is trying to "do it's own thing" and other people have written tools that maybe they would 
like to keep seperate and call their "own", but it seems to me, if the nmap community would take ideas from everyone 
and build on others' tools and ideas and concepts, nmap
could become the ideal and most powerful scanning/gleaming tool out there (it is already powerful now even in it's 
current state).

anyway, these were just some thoughts and ideas for you to mull over...i thank you for your time /Mike
                            (phaseone () sio midco net)

                                                                                                        "they call me a 
criminal...as i am only merely an explorer"

  By Date           By Thread  

Current thread:
  • nmap and another idea phaseone (Feb 13)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]