Purpose of spoofed packets ???

Matthew Huff mhuff at ox.com
Wed Mar 11 12:07:46 UTC 2015


>Nmap has an option to "hide" your real IP among either a provides or IP
>list of IP addresses.
>
>" D *<**decoy1**>*[,*<**decoy2**>*][,ME][,...] (Cloak a scan with decoys)
>
>Causes a decoy scan to be performed, which makes it appear to the remote
>host that the host(s) you specify as decoys are scanning the target
>network
>too. Thus their IDS might report 5­10 port scans from unique IP addresses,
>but they won't know which IP was scanning them and which were innocent
>decoys. While this can be defeated through router path tracing,
>response-dropping, and other active mechanisms, it is generally an
>effective technique for hiding your IP address."
>
>http://nmap.org/book/man-bypass-firewalls-ids.html
>On 11 Mar 2015 02:17, "Steve Atkins" <steve at blighty.com> wrote:

Thanks. I thought it was something obvious that I was missing. This makes
sense.



More information about the NANOG mailing list