nanog mailing list archives
Re: Purpose of spoofed packets ???
From: Matthew Huff <mhuff () ox com>
Date: Wed, 11 Mar 2015 12:07:46 +0000
Nmap has an option to "hide" your real IP among either a provides or IP list of IP addresses. " D *<**decoy1**>*[,*<**decoy2**>*][,ME][,...] (Cloak a scan with decoys) Causes a decoy scan to be performed, which makes it appear to the remote host that the host(s) you specify as decoys are scanning the target network too. Thus their IDS might report 510 port scans from unique IP addresses, but they won't know which IP was scanning them and which were innocent decoys. While this can be defeated through router path tracing, response-dropping, and other active mechanisms, it is generally an effective technique for hiding your IP address." http://nmap.org/book/man-bypass-firewalls-ids.html On 11 Mar 2015 02:17, "Steve Atkins" <steve () blighty com> wrote:
Thanks. I thought it was something obvious that I was missing. This makes sense.
Current thread:
- Purpose of spoofed packets ??? Matthew Huff (Mar 10)
- Re: Purpose of spoofed packets ??? Roland Dobbins (Mar 10)
- Re: Purpose of spoofed packets ??? Laszlo Hanyecz (Mar 10)
- Re: Purpose of spoofed packets ??? Matthew Huff (Mar 10)
- Re: Purpose of spoofed packets ??? Fred Hollis (Mar 10)
- Re: Purpose of spoofed packets ??? Steve Atkins (Mar 10)
- Message not available
- Re: Purpose of spoofed packets ??? Bacon Zombie (Mar 10)
- Re: Purpose of spoofed packets ??? Matthew Huff (Mar 11)
- Message not available
- Re: Purpose of spoofed packets ??? Roland Dobbins (Mar 10)
- RE: Purpose of spoofed packets ??? Darden, Patrick (Mar 11)