Nmap Development
mailing list archives
RE: decoys and limiting outbound RST packets
From: robert () dyadsecurity com
Date: Wed, 5 Jan 2005 23:16:57 -0800
Greetings Nmap-dev team,
As an FYI, the unicornscan people have run into this issue of RSTs coming from the kernel in response to connections
it didn't initiate. For normal syn-scanning this doesn't bother you much, but it really gets annoying when you're
actually trying to complete the 3-way handshake (we statelessly keep track of state all via raw sockets).
Anyhow... our solution for this, the brainchild of Kiki (ghost () rapturesecurity org - inspired by one of the Fanta
commercials... don't ask), was to have another program respond to ARP requests on a particular interface without having
to bother the kernel with the new IP assignment. This tool is called fantaip and comes with the current public release
of unicornscan (unicornscan.org).
The reason this may be interesting to the nmap folks is that it also works with nmap's -S option.
Example:
    fantaip eth0 192.168.1.1
    nmap -S 192.168.1.1 www.google.com -p80
etc etc etc
Anyhow, if you have any questions, please feel free to contact us.
Robert
--
Robert E. Lee
CTO, Dyad Security, Inc.
W - http://www.dyadsecurity.com
E - robert () dyadsecurity com
M - (949) 394-2033
---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to
nmap-dev-help () insecure org . List archive: http://seclists.org
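
Seen from the defender's side, the approach described in the message leaves a trace on the local segment: a station that already answers ARP for its own address starts answering for a second one. The following is an added example, not part of the original post and not code from unicornscan or Nmap; the record format and sample data are constructed, and it assumes the responder replies with the host's own interface MAC, which the post does not state.

```python
import re
from collections import defaultdict

# Constructed sample: simplified ARP-reply records (epoch seconds, claimed IP,
# answering MAC). The format is invented for this example; it is not the
# output of any specific capture tool.
SAMPLE_ARP_REPLIES = """\
1104995800 reply 192.168.1.254 is-at 00:11:22:aa:bb:01
1104995805 reply 192.168.1.50 is-at 00:11:22:aa:bb:02
1104995811 reply 192.168.1.1 is-at 00:11:22:aa:bb:02
1104995812 reply 192.168.1.50 is-at 00:11:22:AA:BB:02
1104995900 reply 192.168.1.77 is-at 00:11:22:aa:bb:03
malformed line that should be skipped
"""

RECORD = re.compile(
    r"^(?P<ts>\d+) reply (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"is-at (?P<mac>[0-9a-f]{2}(?::[0-9a-f]{2}){5})$",
    re.IGNORECASE,
)


def macs_claiming_multiple_ips(log_text, allowlist=frozenset()):
    """Return {mac: sorted IPs} for every MAC that answered ARP for >1 IP.

    allowlist holds lowercase MACs that are expected to own several
    addresses (routers, load balancers, hosts with configured aliases).
    """
    claimed = defaultdict(set)
    for line in log_text.splitlines():
        m = RECORD.match(line.strip())
        if not m:
            continue  # ignore anything that is not a well-formed reply record
        claimed[m["mac"].lower()].add(m["ip"])
    return {
        mac: sorted(ips)
        for mac, ips in claimed.items()
        if len(ips) > 1 and mac not in allowlist
    }


if __name__ == "__main__":
    for mac, ips in macs_claiming_multiple_ips(SAMPLE_ARP_REPLIES).items():
        print(f"{mac} answers ARP for {', '.join(ips)}")
```

A hit is a lead rather than a verdict: compare the extra address against the host's configured interface addresses before treating it as unassigned.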