|
Nmap Development
mailing list archives
Re: TCP Resource Exhaustion Attacks
From: Fyodor <fyodor () insecure org>
Date: Mon, 6 Oct 2008 00:51:27 -0700
On Thu, Oct 02, 2008 at 09:10:21PM +0000, Brandon Enright wrote:
I think the only reason why a Nmap user or Nmap dev should care is that
if vendors start modifying their TCP/IP attacks to either patch a real
bug, or look like they patched a bug, a lot of OS fingerprints are
likely to need to be added.
That would be truly awesome (for Nmap). Earlier TCP/IP security
tweaks such as randomized ISN's and randomized IPIDs were a big help
in distinguishing operating systems, as were non-security-related
changes such as the selective ACK option and ECN. I should join a
working group on improving TCP DoS resiliency just so I can promote
changes which Nmap OS detection can distinguish :).
Cheers,
-F
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
 By Date 
By Thread
Current thread:
- Re: TCP Resource Exhaustion Attacks, (continued)
- Re: TCP Resource Exhaustion Attacks Fyodor (Oct 06)
|
Intro
