|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
usual iploggers miss some variable stealth scans
Subject: usual iploggers miss some variable stealth scans
From: vecna (vecna
ITAPAC.NET)
Date: Mon Jan 17 2000 - 13:26:10 CST
- Next message: Elias Levy: "Administrivia"
- Previous message: Norbert Luckhardt: "Re: IIS still revealing paths for web directories"
- Next in thread: Simple Nomad: "Re: usual iploggers miss some variable stealth scans"
- Reply: Simple Nomad: "Re: usual iploggers miss some variable stealth scans"
- Reply: Tobi: "AW: usual iploggers miss some variable stealth scans"
- Reply: Alec Kosky: "Re: usual iploggers miss some variable stealth scans"
- Reply: Hank Leininger: "Re: usual iploggers miss some variable stealth scans"
- Reply: Oliver Friedrichs: "Re: usual iploggers miss some variable stealth scans"
- Reply: Andrea Gho: "Re: usual iploggers miss some variable stealth scans"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
in November`99 more or less... i've discovered 5 type of new stealth scan,
with the modification of flags used normally on XMAS stealth scan.
the five type of packets that can be used for stealth scanning, and isn't
logged from the normal tcplogd/scanlogger have this flag:
URG
PUSH
URG+FIN
PUSH+FIN
URG+PUSH
this flag on packet, such FIN, XMAS (fin+urg+psh), and NULL scan (no one
flag set) cause the reply RST+ACK if port is closed, and no reply if
port is open. this is efective only against *nix system
i don't think that is an important tecnical notice... but most tcp logger
must be upgraded/reconfigurated.
i've coded patch for nmap-2.12, check http://vecna.unix.kg
Bye.
vecna
- Next message: Elias Levy: "Administrivia"
- Previous message: Norbert Luckhardt: "Re: IIS still revealing paths for web directories"
- Next in thread: Simple Nomad: "Re: usual iploggers miss some variable stealth scans"
- Reply: Simple Nomad: "Re: usual iploggers miss some variable stealth scans"
- Reply: Tobi: "AW: usual iploggers miss some variable stealth scans"
- Reply: Alec Kosky: "Re: usual iploggers miss some variable stealth scans"
- Reply: Hank Leininger: "Re: usual iploggers miss some variable stealth scans"
- Reply: Oliver Friedrichs: "Re: usual iploggers miss some variable stealth scans"
- Reply: Andrea Gho: "Re: usual iploggers miss some variable stealth scans"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
This archive was generated by hypermail 2b27 : Mon Jan 17 2000 - 22:00:56 CST