|
Nmap Development
mailing list archives
Re: decoys and limiting outbound RST packets
From: Michael Rash <mbr () cipherdyne org>
Date: Sun, 2 Jan 2005 18:14:10 -0500
On Jan 02, 2005, Martin Ma?ok wrote:
On Sat, Jan 01, 2005 at 05:19:30PM -0500, Michael Rash wrote:
Proposed solution:
Provide an interface to use a local packet filter (if available)
to restrict outbound RST packets to the target for the duration of
any scan that causes unsolicited SYN/ACK packets to be sent to the
scanning system.
In this case, the target could send SYN+ACK probe to every
non-responding IP after the scan. If there is an IP that responds then
it is the IP of the scanner.
That's true, but does this mean the RST blocking feature is not
useful? How many people are actually going to do this vs. just
watch RST packets coming back (or lack thereof)? The main
advantage in having this feature integrated directly with Nmap
is that the target must be less confident about how the scanner's
IP appears to behave. If a patch happens to appear that
implements this, is there any reason that it shouldn't be
accepted?
--Mike
Michael Rash
http://www.cipherdyne.org/
Key fingerprint = 53EA 13EA 472E 3771 894F AC69 95D8 5D6B A742 839F
---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to
nmap-dev-help () insecure org . List archive: http://seclists.org
 By Date 
By Thread
Current thread:
- Re: decoys and limiting outbound RST packets, (continued)
Re: decoys and limiting outbound RST packets Martin Mačok (Jan 02)
- Re: decoys and limiting outbound RST packets Michael Rash (Jan 02)
RE: decoys and limiting outbound RST packets robert (Jan 05)
|
Intro
