Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

nmap-dev logo Nmap Development mailing list archives

GSoC Feedback
From: Ankur Nandwani <ankur2tenn () neo tamu edu>
Date: Fri, 27 Mar 2009 09:35:04 -0500 (CDT)
Hey Guys,

I am a Graduate student, doing some research in the area of TCP/IP fingerprinting. I had a few ideas regarding SoC, 
which are as follows:-

I have noticed that Snort has signatures to detect probes sent by Nmap during OS detection. For example, Snort rule 
with SID: 629 (http://www.snort.org/pub-bin/sigs.cgi?sid=629) is designed to detect T3 probe with SYN, FIN, URG, and 
PSH flags set. I was thinking, if we could avoid the use of such probes, we could prevent the detection of Nmap probes 
by an Intrusion Prevention and Detection System like Snort.

Also, as Nmap sends 16 probes for each IP address during OS detection, I was wondering if we could do some work 
specifically in reducing the number of probes sent by Nmap.

I would be glad to hear your suggestions regarding the above ideas.

Thanks & Regards
Ankur

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]