Re: [PATCH] TCP Idle Scan in IPv6
From: "Mathias Morbitzer" <m.morbitzer () runbox com>
Date: Mon, 23 Sep 2013 10:06:27 +0200 (CEST)
On Fri, 20 Sep 2013 13:29:53 -0700, David Fifield <david () bamsoftware com> wrote:
Also, my master's thesis, in which I explain the TCP Idle Scan in IPv6, is
now finished and online:
For people who do not want to read the whole thesis, I also wrote an article which only deals with the TCP Idle Scan in
IPv6, and not with its two alternatives, the RST Rate Limit Scan and the SYN Cache Scan.
It is available here:
I found it interesting in section 4.1, that Windows 8 uses a global
identifier counter, but gives it a different offset for each host.
This is indeed my favorite discovery of the whole research. No clue why anyone would do this. Maybe to make the
identifiers look random?
But if so, why not use a random value right away? If anybody knows or thinks they know the reason for this, please share
your ideas with me!
I also didn't know that OpenBSD counts both incoming and outgoing segments
for the purpose of RST rate limiting (section 5.1).
Also very interesting for me. The man page of OpenBSD says that only incoming segments are counted, but my tests say
it's also outgoing segments.
I'm working now on merging your patch.
Great! Feels good to know that my code will end up in Nmap!
Sent through the dev mailing list
Archived at http://seclists.org/nmap-dev/