|
Nmap Hackers
mailing list archives
Re: Detected NMAP scan
From: Chris Tobkin <tobkin () jaws umn edu>
Date: Wed, 6 Jan 1999 17:07:18 -0600 (CST)
Also everyone concerned about watching for scans in their logs should keep
in mind how easy it is to spoof a scan "-e eth0 -S www.whitehouse.gov".
Of course they aren't getting any information, but there are people out
there who enjoy disinformation, or like to cause trouble. Also even if
the ip scanning you is the correct one, odds are in this day that it's an
0wned linux machine, and the rightful admin has no clue it's occuring.
They should be notified, but probably not accused.
Also, somone can use the above modification to the command and scan your
network with spoofed addrs 20 or 30 times and then do it once from the actual
host.. It'll get lost in the clutter.. It would be trivial to make a shell
script to do this..
i.e. if your ip was 11.23.48.45 just have it iterate through faking
[1..80].23.48.45 and when it gets to 11, do the actual scan.. if somone is
logging the sys like my firewall does.. they'll probably just shrug it off
because of the sheer number of different admins they'd have to email..
// chris
tobkin () umn edu
*************************************************************************
Chris Tobkin tobkin () umn edu
Java and Web Services - Academic and Distributed Computing Services - UMN
Shep. Labs 190 Minneapolis, MN 55455
-----------------------------------------------------------------------
"Thanks to the printing press, the deviant smart people were able to
distribute their genius without having to pass it on genetically.
Evolution was short-circuited. We gained knowledge and
technology without gaining intelligence." - Scott Adams
*************************************************************************
 By Date 
By Thread
Current thread:
- RE: Detected NMAP scan, (continued)
|
Intro
