[178839] in North American Network Operators' Group
Re: Purpose of spoofed packets ???
daemon@ATHENA.MIT.EDU (Matthew Huff)
Wed Mar 11 08:07:54 2015
X-Original-To: nanog@nanog.org
From: Matthew Huff <mhuff@ox.com>
To: Bacon Zombie <baconzombie@gmail.com>, "nanog@nanog.org" <nanog@nanog.org>
Date: Wed, 11 Mar 2015 12:07:46 +0000
In-Reply-To: <CAPz7E50QbQ93nOLgjMbcKcFg3fC6p+8Wj+-ESD+G_3OvD_ngsg@mail.gmail.com>
Errors-To: nanog-bounces@nanog.org
>Nmap has an option to "hide" your real IP among either a provided or IP
>list of IP addresses.
>
>"-D <decoy1>[,<decoy2>][,ME][,...] (Cloak a scan with decoys)
>
>Causes a decoy scan to be performed, which makes it appear to the remote
>host that the host(s) you specify as decoys are scanning the target
>network too. Thus their IDS might report 5-10 port scans from unique IP
>addresses,
>but they won't know which IP was scanning them and which were innocent
>decoys. While this can be defeated through router path tracing,
>response-dropping, and other active mechanisms, it is generally an
>effective technique for hiding your IP address."
>
>http://nmap.org/book/man-bypass-firewalls-ids.html
>On 11 Mar 2015 02:17, "Steve Atkins" <steve@blighty.com> wrote:
Thanks. I thought it was something obvious that I was missing. This makes
sense.