Re: Using TTL value of response packets on nmap port scans.
From: David Fifield <david () bamsoftware com>
Date: Fri, 13 Apr 2012 14:53:27 -0700
On Sat, Apr 14, 2012 at 12:27:22AM +0300, Otto Airamo wrote:
> is not really doing the same thing as there TTL value of scanner host is
> alternated. In my idea scanner does not change anything compared to
> regular scan. It is just using result of the TTL value target host
> is sending. I believe that --badsum option is actually closer to
> behavior that I am proposing.
>
> Main benefit with my proposal is that behavior outside of the nmap
> does not need to change. There is no need to send any extra packets
> to detect the situation I described in previous emails. That was the main
> thing that I wanted to bring out this idea. I wanted to get some
> comments if this would give some real added value in real life
>
> TTL value would be trivial to add to nmap output with some new flag.
> Would you add this to mainstream if a patch would be provided? If you
> see that this does not add any value in real life scenarios, let's
> not add just one more "use-only-in-a-lab" command line parameter.

I personally don't think it adds enough value to be added as a new
feature. But if other people on the mailing list think differently, then
I'm willing to look at a patch.
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/