Nmap Announce mailing list archives

Re: Intrusion detection question.

From: Jose Nazario <jose () biocserver BIOC CWRU Edu>
Date: Thu, 10 Feb 2000 08:25:08 -0500 (EST)

On Thu, 10 Feb 2000, Vanja Hrustic wrote:

Does anybody have more examples on how to trick nMap fingerprinting
(UNIX examples, if possible)?


you can use ipfilter, i believe, to block non-natural packets which get
used in fingerprinting, or block stuff that's not in the state table. this
is discussed in http://www.pgci.ca/fingerprint.html . blocking SYN/FIN
combos, for example.

i haven't tested this, other stuff keeps coming up.

jose nazario                                    jose () biochemistry cwru edu
PGP fingerprint: 89 B0 81 DA 5B FD 7E 00  99 C3 B2 CD 48 A0 07 80
Public key available at http://biocserver.cwru.edu/~jose/pgp-key.asc

Current thread:

Intrusion detection question. Daniel Swan (Feb 09)
- Re: Intrusion detection question. Vanja Hrustic (Feb 09)
  - Re: Intrusion detection question. Jose Nazario (Feb 10)
  - fooling nmap Bep Verberk (Feb 10)
    - Re: fooling nmap Lance Spitzner (Feb 10)
    - Re: fooling nmap CyberPsychotic (Feb 11)
    - Re: fooling nmap Vanja Hrustic (Feb 11)
    - Re: fooling nmap The Cyberiad (Feb 11)
- Re: Intrusion detection question. Michel Arboi (Feb 10)
  - Re: Intrusion detection question. Tomi Ollila (Feb 10)
    - Re: Intrusion detection question. Michel Arboi (Feb 14)
    - Re: Intrusion detection question. Tomi Ollila (Feb 21)
  - Re: Intrusion detection question. Bart van Leeuwen (Feb 10)