Finding real host in Nmap -D Scans
From: Ryan (ryan@packetwatch.net)
Date: 03/03/03
- Previous message: oherrera: "RE: Online Scanning Services Vrs. Stand Alone Applications"
- Next in thread: H D Moore: "Re: Finding real host in Nmap -D Scans"
- Maybe reply: H D Moore: "Re: Finding real host in Nmap -D Scans"
- Maybe reply: Fyodor: "Re: Finding real host in Nmap -D Scans"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Ryan" <ryan@packetwatch.net> To: <pen-test@securityfocus.com>, <nmap-dev@insecure.org> Date: Sun, 2 Mar 2003 18:25:29 -0600
Hi All,
I was wondering about the decoy scan in nmap. Is there a way to tell
which host in a decoy scan is the real host? I found a post by Dug Song
(http://www.geek-girl.com/ids/1999/0057.html), but these methods won't
work anymore.
First, as Dug Song said nmap now randomizes the ttl fields, and secondly
you can't narrow it down to a host that can run nmap, because nmap can
now be run on Windows systems as well.
Ryan Spangler
http://www.packetwatch.net
----------------------------------------------------------------------------
<Pre>Do you know the base address of the Global Offset Table (GOT) on a Solaris 8 box?
CORE IMPACT does.</Pre>
<A href="http://www.securityfocus.com/core"> http://www.securityfocus.com/core>
Relevant Pages
|
