You are not logged in.
- Topics: Active | Unanswered
Pages: 1
#1 2009-12-05 10:21:19
- hunterthomson
- Member
- Registered: 2008-06-22
- Posts: 794
- Website
Concerned about Nmap scan
Hello,
I don't know enugh about this to know if this is bad or not. I'd like to know your opinion.
I think this mite be bad that I got this.
TCP Sequence Prediction: Difficulty=17 (Good luck!)
IP ID Sequence Generation: Incremental
I am useing the default Arch Kernel x86_64.
If this is bad how can I make it better?
Last edited by hunterthomson (2009-12-05 10:22:44)
OpenBSD-current Thinkpad X230, i7-3520M, 16GB CL9 Kingston, Samsung 830 256GB
Contributor: linux-grsec
Offline
#2 2009-12-05 10:39:09
- Zearan
- Member
- From: Germany
- Registered: 2008-03-22
- Posts: 8
Re: Concerned about Nmap scan
Hello hunterthomson,
I am not hundred percent sure about this:
The first line indicates the vulnerability to an IP spoofing attack. I think "Good luck!" means, that the system is save.
The second lines tells the attacker that your system can be used for an idle scan with you as zombie. The thing is: I have no idea how to fix this and if it is wise to change it.
If anyone knows this more precisely, please feel free to correct me. 
Edit: I correct myself: The second line COULD mean that your system can be used as zombie. There seems to be a other protection against this. I think the only way to find out is to do an idle scan ('-sI' - that's an upper case i) yourself.
Last edited by Zearan (2009-12-05 10:44:07)
Offline
#3 2009-12-05 11:07:11
- hunterthomson
- Member
- Registered: 2008-06-22
- Posts: 794
- Website
Re: Concerned about Nmap scan
Hum it seems to say (Good Luck! no matter what.
However, I know FreeBSD gets a .... 9999999 (Good Luck!)
FreeBSD also gets a ... IP ID Sequence Generation: Truly Random
and Vista gets a 255 (Good Luck!)
I don't remember what Vista got for IP ID Sequence.
From what I read so far these are Kernel settings. But if FreeBSD gets 9999999 and XP gets 255.
My 17 probaly mean it is crazy easy to guess and hijack my TCP streams.
Last edited by hunterthomson (2009-12-05 11:09:59)
OpenBSD-current Thinkpad X230, i7-3520M, 16GB CL9 Kingston, Samsung 830 256GB
Contributor: linux-grsec
Offline
#4 2009-12-05 11:49:01
- Zearan
- Member
- From: Germany
- Registered: 2008-03-22
- Posts: 8
Re: Concerned about Nmap scan
Hm, sounds indeed concerning. But I have no idea how nmap generates these values. You may want to check out their website or ask Google about that.
Offline
Pages: 1