Finding real host in Nmap -D Scans

From: Ryan (ryan@packetwatch.net)
Date: Sun Mar 02 2003 - 19:25:29 EST

• Next message: H D Moore: "Re: Finding real host in Nmap -D Scans"
• Previous message: oherrera: "RE: Online Scanning Services Vrs. Stand Alone Applications"
• Next in thread: H D Moore: "Re: Finding real host in Nmap -D Scans"
• Maybe reply: H D Moore: "Re: Finding real host in Nmap -D Scans"
• Maybe reply: Fyodor: "Re: Finding real host in Nmap -D Scans"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi All,

I was wondering about the decoy scan in nmap. Is there a way to tell
which host in a decoy scan is the real host? I found a post by Dug Song
(http://www.geek-girl.com/ids/1999/0057.html), but these methods won't
work anymore.

First, as Dug Song said nmap now randomizes the ttl fields, and secondly
you can't narrow it down to a host that can run nmap, because nmap can
now be run on Windows systems as well.

Ryan Spangler
http://www.packetwatch.net

----------------------------------------------------------------------------
<Pre>Do you know the base address of the Global Offset Table (GOT) on a Solaris 8 box?
CORE IMPACT does.</Pre>
<A href="http://www.securityfocus.com/core"> http://www.securityfocus.com/core>

• Next message: H D Moore: "Re: Finding real host in Nmap -D Scans"
• Previous message: oherrera: "RE: Online Scanning Services Vrs. Stand Alone Applications"
• Next in thread: H D Moore: "Re: Finding real host in Nmap -D Scans"
• Maybe reply: H D Moore: "Re: Finding real host in Nmap -D Scans"
• Maybe reply: Fyodor: "Re: Finding real host in Nmap -D Scans"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:29 EDT