Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: Using TTL value of response packets on nmap port scans.
From: David Fifield <david () bamsoftware com>
Date: Fri, 13 Apr 2012 14:53:27 -0700

On Sat, Apr 14, 2012 at 12:27:22AM +0300, Otto Airamo wrote:
Actually:
http://nmap.org/nsedoc/scripts/firewalk
is not really doing same thing as there TTL value of scanner host is
alternated. In my idea scanner does not change anything compared to
regular scan. It is just using result of the TTL value target host
is sending. I believe that --badsum option is actually closer to
behavior that I am proposing.

Main benefit with my proposal is that behavior outside of the nmap
does not need to change. There is no need to send any extra packets
to detect situation I descript in previous emails. That was the main
thing that I wanted to bring out this idea. I wanted to get some
comments if this would give some real added value in real life
scenarios.

TTL value would be trivial to add to nmap output with some new flag.
Would you add this to mainstream if patch would be provided? If you
see that this does not add any value in real life scenarios, let's
not add just one more "use-only-in-a-lab" command line parameter.

I personally don't think it adds enough value to be added as a new
feature. But if other people on the mailing list think differently, then
I'm willing to look at a patch.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]