|
Nmap Development
mailing list archives
TCP Split Handshake and Nmap
From: jah <jah () zadkiel plus com>
Date: Thu, 03 Jun 2010 01:19:15 +0100
Hi folks,
Has anybody read "The TCP Split Handshake: Practical Effects on Modern
Network Equipment" published in the Macrothink Network Protocols and
Algorithms journal [1]? I thought section 8 regarding port scan
detection of a split handshake was particularly interesting and reckon
Nmap could easily handle a SYN or an ACK in response to a SYN probe in
order to mark a port as open.
If this was something we'd like to do, would we add ER_SYN and ER_ACK to
portreasons?
Related: what is ER_INITACK? it doesn't seem to be referenced anywhere...
jah
[1] - http://www.macrothink.org/journal/index.php/npa/article/view/285
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
 By Date 
By Thread
Current thread:
- TCP Split Handshake and Nmap jah (Jun 03)
|
