Home page logo
/

nmap-dev logo Nmap Development mailing list archives

TCP Split Handshake and Nmap
From: jah <jah () zadkiel plus com>
Date: Thu, 03 Jun 2010 01:19:15 +0100

Hi folks,

Has anybody read "The TCP Split Handshake: Practical Effects on Modern
Network Equipment" published in the Macrothink Network Protocols and
Algorithms journal [1]?  I thought section 8 regarding port scan
detection of a split handshake was particularly interesting and reckon
Nmap could easily handle a SYN or an ACK in response to a SYN probe in
order to mark a port as open.

If this was something we'd like to do, would we add ER_SYN and ER_ACK to
portreasons?

Related: what is ER_INITACK? it doesn't seem to be referenced anywhere...

jah

[1] - http://www.macrothink.org/journal/index.php/npa/article/view/285
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault