Nmap Hackers: Re: fooling nmap

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Nmap Hackers mailing list archives

Re: fooling nmap

From: Lance Spitzner <lance () ksni net>
Date: Thu, 10 Feb 2000 18:16:25 -0600 (CST)

On Thu, 10 Feb 2000, Bep Verberk wrote:

BTW, anyone working on an ID  tool that fingerprints nmap ?  Something that
would identify an nmap scan, the type of scan, the version of nmap, the OS the
scan was run from, etc.


Marty Roesch and Fyodor are competing on this one.  Marty develops a signature
for snort, Fyodor defeats it.  It all depends who has the lead in the arms
race.  By the way, snort is a handly little IDS/sniffer utility, you can find
it at 

http://www.clark.net/~roesch/security.html

for the latest signatures (including nmap), check out

http://www.whitehats.com

Lance Spitzner
http://www.enteract.com/~lspitz/papers.html

By Date By Thread

Current thread:

Intrusion detection question. Daniel Swan (Feb 09)
- Re: Intrusion detection question. Vanja Hrustic (Feb 09)
  - Re: Intrusion detection question. Jose Nazario (Feb 10)
  - fooling nmap Bep Verberk (Feb 10)
    - Re: fooling nmap Lance Spitzner (Feb 10)
    - Re: fooling nmap CyberPsychotic (Feb 11)
    - Re: fooling nmap Vanja Hrustic (Feb 11)
    - Re: fooling nmap The Cyberiad (Feb 11)
- Re: Intrusion detection question. Michel Arboi (Feb 10)
  - Re: Intrusion detection question. Tomi Ollila (Feb 10)