RE: nmap-spoofing-question

2001-09-25 Thread Gaziel, Avishay
; Gaziel
- -Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: ?? 17 ?? 2001 18:15?
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: nmap-spoofing-question
> when you include spoofed addresses you should include a real ip
> address that you want a r

Re: nmap-spoofing-question

2001-09-20 Thread didldadl
When using this command, the IP snort spits out is always the one given with "-S", but in /var/log/messages I can see a lookup for the real IP of the machine which is doing the scan. So I don't really believe that it's binding another one. I tried to have a closer look in the headers with sno

Re: nmap-spoofing-question

2001-09-19 Thread TD - Sales International Holland B.V.
Perhaps it binds another IP to the card if you use those 2 options. In Linux (dunno about Windows) it's very easy to have 1 Ethernet card listen to more than 1 IP address. If you use that option try to see if the box responds to the IP you gave by pinging it. (BTW it says YOUR IP so you're NOT

RE: nmap-spoofing-question

2001-09-19 Thread carbon
-Ddecoy_host1,decoy2[,...] Hide scan using many decoys
I am assuming that you are talking about this option in nmap? If so, nmap will place you in a random position in the list of decoys that you provide. You can also specify your position by inserting 'ME' (no quotes) in your list. Read the ma

Re: nmap-spoofing-question

2001-09-18 Thread [EMAIL PROTECTED]
Hi, when you spoof using the -D option you always put yourself into the switch option, e.g.: "-Dxxx.xxx.xxx.xxx,ME,xxx.xxx.xxx.xxx" so you will receive the results of the scan. cheers Ivan - Original Message - From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Sunday, September 16, 2001 12:23

RE: nmap-spoofing-question

2001-09-18 Thread didldadl
> when you include spoofed addresses you should include a real ip address that
> you want a reply to come back to. man nmap for more information about using
> the decoy option.
Hmm. That's clear, but why does the "-S"-option work? When I use this option together with the "-e" I get back the resu

RE: nmap-spoofing-question

2001-09-18 Thread Baker, Thomas
When you include spoofed addresses you should include a real IP address that you want a reply to come back to. man nmap for more information about using the decoy option. Thomas Baker Senior Network Technician Staples, INC. (508) 253-3507 [EMAIL PROTECTED] -Original Message- From: [EM

Re: nmap-spoofing-question

2001-09-18 Thread b. mac
I think you're referring to nmap's decoy option (-D). True, you will only receive the packets destined for your IP. But your IP _and_ the decoy IP/IPs you provided show up in a log file, instead of _just_ your IP. This makes it more difficult for someone examining a log file to tell where the s

RE: nmap-spoofing-question

2001-09-18 Thread didldadl
Hi. All my apologies to the people who have spent their time answering my question. I didn't ask my question precisely enough... (uuhm... oops) What I really meant were the options "-S" and "-e". Why do I get answers from machines I've scanned when using these options? Is my real IP address inc