Thanks for all your response. Unfortunately, I am unable to completely solve
this mystery. When I did a traceroute to 10.10.209.108, it infact ended at
10.204.100.2. But because I do not have access on 10.204.100.2, I am unable
to see the configuration on it. 10.10.209.108 might be configured as
anything on that. Will have to wait till I see the config.
Thanks again.
Swapnali
On 10/26/07, Fyodor <fyodor_at_insecure.org> wrote:
>
> On Fri, Oct 26, 2007 at 07:10:33AM +0000, Brandon Enright wrote:
> >
> > I haven't given it more than 2 seconds of thought, but we could try
> > something TCP SYNCOOKIE inspired for our ICMP ECHO requests.
>
> Hi Brandon. The response already has enough information (e.g. ICMP
> sequence and ID numbers) for us to recognize it. But I think in most
> cases where we get a response from a different IP than the target we
> sent to, it is because the target host forwarded the request
> (e.g. subnet-directed broadcast) to other machines, and one or more of
> them answered. In that case, for us to mark the target as up would be
> a false postive. For us to change that behavior and mark the host as
> up, I would want some evidence that actual online hosts responding
> with the wrong IP is a normal occurence.
>
> Cheers,
> -F
>
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
Received on Oct 26 2007
Intro
