On Fri, Oct 26, 2007 at 07:10:33AM +0000, Brandon Enright wrote:
>
> I haven't given it more than 2 seconds of thought, but we could try
> something TCP SYNCOOKIE inspired for our ICMP ECHO requests.
Hi Brandon. The response already has enough information (e.g. ICMP
sequence and ID numbers) for us to recognize it. But I think in most
cases where we get a response from a different IP than the target we
sent to, it is because the target host forwarded the request
(e.g. subnet-directed broadcast) to other machines, and one or more of
them answered. In that case, for us to mark the target as up would be
a false postive. For us to change that behavior and mark the host as
up, I would want some evidence that actual online hosts responding
with the wrong IP is a normal occurence.
Cheers,
-F
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Received on Oct 26 2007
Intro
