|
Nmap Development
mailing list archives
Re: decoys and limiting outbound RST packets
From: Martin Mačok <martin.macok () underground cz>
Date: Sun, 2 Jan 2005 20:19:31 +0100
On Sun, Jan 02, 2005 at 11:18:15AM -0500, Michael Rash wrote:
Let's say that the target sees parallel probes to same ports from
N different IPs (ie. decoy scan). It could divide the IPs into two
groups and send the response(s) to single probe just to the first
group and send nothing to the second. If retransmission occurs,
the real IP is in the second group, otherwise it is in the first
group.
But the target would have no idea if the real IP is blocking its own
outbound RST packets.
Not true. The algorithm above does not depend on RST packets. It
depends on scanner retransmitting the probe when it gets no answer.
Martin Mačok
IT Security Consultant
---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to
nmap-dev-help () insecure org . List archive: http://seclists.org
 By Date 
By Thread
Current thread:
Re: decoys and limiting outbound RST packets Martin Mačok (Jan 02)
|
Intro
