<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

Nmap Hackers: Re: NMAP Identity obscuring

Re: NMAP Identity obscuring

From: Dug Song <dugsong_at_monkey.org>
Date: Wed, 22 Nov 2000 14:58:09 -0500

On Wed, Nov 22, 2000 at 09:58:57AM -0800, lamont_at_icopyright.com wrote:

> once upon a time i wrote a program called tft.c that tested tcp flags by
> running through all 64 combinations of flags (i didn't include X+Y) and
> checking what kind of packets came back.

but this still only tests a TCP in CLOSED or LISTEN...

i've met a few ppl now who've written TCP fingerprinting tools that
walk through all the states. you know who you are. ;-) i wish you guys
would publish your code already (or your paper, at least), so the rest
of us don't have to reinvent the wheel!

-d.

---
http://www.monkey.org/~dugsong/
--------------------------------------------------
For help using this (nmap-hackers) mailing list, send a blank email to 
nmap-hackers-help_at_insecure.org . List run by ezmlm-idx (www.ezmlm.org).

Received on Nov 23 2000

This message: [ Message body ]
Next message: Ofir Arkin: "Novell Netware Echoing Integrity Bug with ICMP Fragment Reassembly Time Exceeded"
Previous message: lamont_at_icopyright.com: "RE: NMAP Identity obscuring"
In reply to: lamont_at_icopyright.com: "RE: NMAP Identity obscuring"
Next in thread: Cameron L Palmer: "Re: NMAP Identity obscuring"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]

edgeos