hello,
i got some questions:
- if we make a 3 way handshake connection with a web server (sT), the PUBLIC IP is the one that showed up in the server logs right ? If so, can you use another person public ip as a DECOY (-D) with nmap ?
- as for spoofing the IP while scanning with nmap, is it refer to using proxy ?
- which is more stealthy, netcat or nmap (-sV) for version detection ?
- i read that I2P can make your scan with nmap more stealthy, is it true ?
any information helps, thanks :)
2 Responses
Extension:
Yes, when you make the 3 way handshake, the public IP shows in the logs. You could use another IP, but the return traffic would go to the spoofed IP and you wouldn't get any info.
Spoofing is different that using a proxy. Spoofing is sending a different IP in your packets. Proxying is using other computers to send your traffic.
Alone, neither is very stealthy. ncat will leave log files when doing banner grabbing and nmap will too in the -sT scan. The -sS is more stealthy.
I2P will make nmap more stealthy.
OTW
thanks sir OTW :)
Share Your Thoughts