Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Nmap Hackers: Re: how to know scan is correct?

Re: how to know scan is correct?

From: $eeweed <seeweed_at_peterl.com>
Date: Thu, 10 Feb 2000 13:24:43 -0800 (PST)

I noticed that Corel Linux version 1.0 has some major work that needs to
be done because of it structure it hangs when you decide to run nmap
against, Corel really thought this one out,ehh.... Time to bring in the
real OS's ....just thought I'd let you guys know that if you decide to
build an operating system..dont let it be as shitty as Corel...(which is
what my work has)

On Wed, 9 Feb 2000, Marcy Abene wrote:

> You can't avoid a syn scan - what do you think you are
> talking about? Here, look. :->
>
> syn scan: (nmap -sS)
> haxor target
> syn ->
> <- syn ack
> rst ->
>
> tcp connect full: (nmap -sT)
> hax0r target
> syn ->
> <- syn ack
> ack ->
> finack ->
> <- ack
> <- finack
> ack ->
>
> notice that the first two packets exchanged DO NOT
> CHANGE. You send an SYN to a port - if it is open
> then you get a SYN-ACK. Your kernel mods can't change
> this behavior or you lose TCP connectivity.
>
> If you meant something else, then you made a typo
> ("..but it eliminates all of the TCP scans from
> finding open ports except TCP connect..").
> --
>
> On Wed, 9 Feb 2000, Simple Nomad wrote:
> > Well, I think that if all networked systems used
> state tables you would
> > eliminate almost everything. Unfortunately pretty
> much all systems do not
> > use the built in state tables. This is actually one
> of the first
> > modifications I make on a new system via kernel
> patching -- so it really
> > only applies to open sourced operating systems --
> but it eliminates all of
> > the TCP scans from finding open ports except TCP
> connect, which can be
> > controlled any number of ways.
> >
> > - Simple Nomad - No rest for the
> Wicca'd -
> > - thegnome_at_nmrc.org -
> www.nmrc.org -
> > - thegnome_at_razor.bindview.com -
> www.bindview.com -
> >
> > On Wed, 9 Feb 2000, Reinoud Koornstra wrote:
> >
> > > Nice issue.
> > > And..... are there any suggestions for this:
> > >
> > > Assume i have a machine running ipf which deals
> with the traffic from
> > > outside.
> > > Behind that machine is an entire netwerk using
> ipnat.
> > > Now some one uses nmap on me to see what is open
> and what isnt.
> > > Now, ipf notices a packet... (fyn scan) does
> nothing with it but redirects
> > > it to another machine on the network on which the
> port is closed.
> > > Then nmap will think the port on the firewalled
> machine is closed while
> > > nmap really got the results from another machine
> without knowing it.
> > > A friend of mine deals this way with this kind of
> scans and fooling nmap
> > > completly.
> > >
> > >
> > > Bye,
> > >
> > > Reinoud.
> __________________________________________________
> Do You Yahoo!?
> Talk to your friends online with Yahoo! Messenger.
> http://im.yahoo.com
>
Received on Feb 10 2000

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos