Appendix B : Tool Syntax 689
Chapter 3 (continued), Tool: Ping

If you do not use ME, nmap will put you in a random position. Note that the hosts you use as decoys should be up or you might accidentally SYN flood your targets. Also, it will be pretty easy to determine which host is scanning if only one is actually up on the network. You might want to use IP addresses instead of names (so the decoy networks do not see you in their nameserver logs). Also note that some (stupid) "port scan detectors" will firewall/deny routing to hosts that attempt port scans. Thus, you might inadvertently cause the machine you scan to lose connectivity with the decoy machines you are using. This could cause the target machines major problems if the decoy is, say, its Internet gateway or even localhost. Thus you might want to be careful of this option.

The real moral of the story is that detectors of spoofable port scans should not take action against the machine that seems like it is port scanning them. It could just be a decoy! Decoys are used both in the initial ping scan (using ICMP, SYN, ACK, or whatever) and during the actual port scanning phase. Decoys are also used during remote OS detection (-O). It is worth noting that using too many decoys may slow your scan and potentially even make it less accurate.
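The moral above, that a detector of spoofable port scans must not take action against the apparent source because it may be a decoy, as a small defender-side example. This is added code, not from the book and not part of nmap: the log format, the addresses (RFC 5737 documentation ranges) and the five-port threshold are constructed assumptions. It profiles each source by distinct destination ports, flags the ones that look like scanners, and then checks whether several flagged sources probed the same port set in the same time window, which is what a decoy scan looks like from the target's side. The only action it ever emits is an alert; the "gateway as decoy" case from the text (192.0.2.1 here) shows why auto-blocking would be self-inflicted damage.

```python
"""Port-scan detector that alerts but never auto-blocks the apparent source.

Added example, not code from the book or from nmap. The log format, the
addresses and the five-port threshold are all constructed assumptions.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime
from typing import Dict, List, Optional, Set

# Constructed sample records in a hypothetical format:
# "<ISO time> <src> <dst> <dport> <tcp flags>".
# 203.0.113.5, 198.51.100.7 and 192.0.2.1 probe the same five ports in the
# same seconds, which is what a decoy scan looks like from the target's side.
# 192.0.2.1 plays the target's own gateway, the case the text warns about.
# 198.51.100.20 is ordinary traffic and 203.0.113.99 is a lone scanner.
SAMPLE_LOG = """\
2024-05-01T10:00:00 203.0.113.5 192.0.2.10 21 S
2024-05-01T10:00:00 198.51.100.7 192.0.2.10 21 S
2024-05-01T10:00:00 192.0.2.1 192.0.2.10 21 S
2024-05-01T10:00:01 203.0.113.5 192.0.2.10 22 S
2024-05-01T10:00:01 198.51.100.7 192.0.2.10 22 S
2024-05-01T10:00:01 192.0.2.1 192.0.2.10 22 S
2024-05-01T10:00:02 203.0.113.5 192.0.2.10 23 S
2024-05-01T10:00:02 198.51.100.7 192.0.2.10 23 S
2024-05-01T10:00:02 192.0.2.1 192.0.2.10 23 S
2024-05-01T10:00:03 203.0.113.5 192.0.2.10 25 S
2024-05-01T10:00:03 198.51.100.7 192.0.2.10 25 S
2024-05-01T10:00:03 192.0.2.1 192.0.2.10 25 S
2024-05-01T10:00:04 203.0.113.5 192.0.2.10 80 S
2024-05-01T10:00:04 198.51.100.7 192.0.2.10 80 S
2024-05-01T10:00:04 192.0.2.1 192.0.2.10 80 S
2024-05-01T10:05:00 198.51.100.20 192.0.2.10 443 S
2024-05-01T10:05:01 198.51.100.20 192.0.2.10 443 S
2024-05-01T11:00:00 203.0.113.99 192.0.2.10 22 S
2024-05-01T11:00:01 203.0.113.99 192.0.2.10 25 S
2024-05-01T11:00:02 203.0.113.99 192.0.2.10 80 S
2024-05-01T11:00:03 203.0.113.99 192.0.2.10 443 S
2024-05-01T11:00:04 203.0.113.99 192.0.2.10 8080 S
"""

SCAN_PORT_THRESHOLD = 5  # assumed: this many distinct ports from one source


@dataclass
class SourceProfile:
    ports: Set[int] = field(default_factory=set)
    first: Optional[datetime] = None
    last: Optional[datetime] = None


def parse_log(text: str) -> Dict[str, SourceProfile]:
    """Build one profile per source: distinct destination ports and time span."""
    profiles: Dict[str, SourceProfile] = defaultdict(SourceProfile)
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, _dst, dport, _flags = line.split()
        t = datetime.fromisoformat(ts)
        p = profiles[src]
        p.ports.add(int(dport))
        p.first = t if p.first is None or t < p.first else p.first
        p.last = t if p.last is None or t > p.last else p.last
    return dict(profiles)


def overlaps(a: SourceProfile, b: SourceProfile) -> bool:
    """True when the two sources' activity windows intersect."""
    return a.first <= b.last and b.first <= a.last


def assess(profiles: Dict[str, SourceProfile],
           threshold: int = SCAN_PORT_THRESHOLD) -> List[dict]:
    """Flag scanners, then mark those that share a port set and a time window
    with other flagged sources as a possible decoy set. The action is always
    'alert': the apparent source may be spoofed, so nothing here blocks it."""
    scanners = {s: p for s, p in profiles.items() if len(p.ports) >= threshold}
    by_ports: Dict[frozenset, List[str]] = defaultdict(list)
    for s, p in scanners.items():
        by_ports[frozenset(p.ports)].append(s)
    findings = []
    for s, p in scanners.items():
        peers = [o for o in by_ports[frozenset(p.ports)]
                 if o != s and overlaps(p, scanners[o])]
        findings.append({
            "src": s,
            "distinct_ports": len(p.ports),
            "verdict": "possible decoy set" if peers else "possible port scan",
            "peers": sorted(peers),
            "action": "alert",
        })
    return sorted(findings, key=lambda f: f["src"])


if __name__ == "__main__":
    for finding in assess(parse_log(SAMPLE_LOG)):
        print(finding)
```

Running it lists four findings: the three synchronized sources are each reported as a possible decoy set with the other two as peers, the lone scanner as a possible port scan, and the ordinary client is not reported at all. A real deployment would feed the decoy-set verdict to an analyst rather than a firewall, which is exactly the behaviour the text asks of detectors.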
-S
In some circumstances, nmap may not be able to determine your source address (nmap will tell you if this is the case).