Nmap Development: Invalidating Stealth

From: Crenshaw, Adrian D <adrian_at_ius.edu>
Date: Tue, 4 Oct 2005 10:57:33 -0500

Hi All,

I'm working on part two of my Nmap video tutorial (I call it
Nmap 2: Port Scan Boogaloo) and wanted to ask a question. Which flags
cause problems that make the stealth/obscuring features less effective? For
example:

If you use an idle scan (-sI), but don't use -P0, the true scanning IP
will be given away because of the ping.

Another example would be if you did an idle scan with version and OS
detection turned on (-sV -O, or just -A): while the port scan may seem to
come from the zombie, the version/OS detection traffic will appear to come
from the true scanner's IP.

I also imagine that the use of decoys could be invalidated based on
which IPs the scanned host was able to establish three-way handshakes
with during the scans (if version or OS detection was requested).

Any others I should mention?

Adrian

http://www.irongeek.com/

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Received on Oct 04 2005
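The defender-side check described in the post (which source actually completed a three-way handshake, and which source pinged the target before the scan) can be written as a small triage script over packet records. This is an added example, not code from the post or from the Nmap project. The packet tuples and addresses (RFC 5737 documentation ranges) are constructed for illustration, and the record layout `(src, dst, proto, target_port, flags)` is an assumption of this example rather than any tool's output format.

```python
"""Separate spoofed sources (decoys, idle-scan zombie) from the real scanner.

A spoofed address can emit a SYN, but it can never answer the target's SYN/ACK
with the final ACK, push data (a -sV probe), or have sent the host-discovery ping.
Any source that does one of those things is a real, routable scanner.
Records are (src, dst, proto, target_port, flags); target_port is always the port on
the target, regardless of packet direction.  Assumed layout, constructed data.
"""
from collections import defaultdict

TARGET = "10.0.0.5"

# Constructed packets, not captured traffic.  Three sources SYN the target
# (two decoys, one real scanner); the target answers all three; only the real
# scanner pinged first, completes the handshake, and sends a version probe.
PACKETS = [
    ("203.0.113.7", TARGET, "icmp-echo", None, ""),      # ping from the real scanner (no -P0)
    (TARGET, "203.0.113.7", "icmp-echo-reply", None, ""),
    ("192.0.2.10", TARGET, "tcp", 22, "S"),
    ("203.0.113.7", TARGET, "tcp", 22, "S"),
    ("192.0.2.11", TARGET, "tcp", 22, "S"),
    (TARGET, "192.0.2.10", "tcp", 22, "SA"),
    (TARGET, "203.0.113.7", "tcp", 22, "SA"),
    (TARGET, "192.0.2.11", "tcp", 22, "SA"),
    ("192.0.2.10", TARGET, "tcp", 22, "R"),    # live decoy's stack rejects the unexpected SYN/ACK
    ("203.0.113.7", TARGET, "tcp", 22, "A"),   # real scanner completes the handshake (-sV / -O)
    ("203.0.113.7", TARGET, "tcp", 22, "PA"),  # ... and pushes a version-detection probe
    ("192.0.2.11", TARGET, "tcp", 22, "R"),
]


def summarize_sources(packets, target):
    """Per-source evidence: SYN count, ports with completed handshakes, ports with data, ping."""
    info = defaultdict(lambda: {"syn": 0, "handshake": set(), "data": set(), "icmp_echo": False})
    synack_seen = set()  # (peer, target_port) pairs the target answered with SYN/ACK
    for src, dst, proto, port, flags in packets:
        if src == target:
            if proto == "tcp" and flags == "SA":
                synack_seen.add((dst, port))
            continue
        if dst != target:
            continue
        rec = info[src]
        if proto == "icmp-echo":
            rec["icmp_echo"] = True
        elif proto == "tcp":
            if "S" in flags and "A" not in flags:
                rec["syn"] += 1
            elif flags == "A" and (src, port) in synack_seen:
                rec["handshake"].add(port)       # third step of the handshake
            elif "P" in flags and (src, port) in synack_seen:
                rec["data"].add(port)            # application-layer probe after the handshake
    return info


def _unspoofable(rec):
    return rec["icmp_echo"] or bool(rec["handshake"]) or bool(rec["data"])


def likely_real_scanners(packets, target):
    """Sources that did something a spoofed address cannot do."""
    return {src for src, rec in summarize_sources(packets, target).items() if _unspoofable(rec)}


def syn_only_sources(packets, target):
    """Sources consistent with decoys or an idle-scan zombie: SYNs (and at most RSTs)."""
    return {src for src, rec in summarize_sources(packets, target).items()
            if rec["syn"] and not _unspoofable(rec)}


if __name__ == "__main__":
    print("real scanner(s):", sorted(likely_real_scanners(PACKETS, TARGET)))
    print("SYN-only (decoy/zombie) sources:", sorted(syn_only_sources(PACKETS, TARGET)))
```

A decoy address with no live host behind it produces no RST at all, and an idle-scan zombie likewise only ever appears as a SYN source; both still land in the SYN-only set, which is the point: the handshake completion and the ICMP echo are what single out the real scanner.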
