Hi Kerin, hi David
Am 26.08.20 um 08:49 schrieb kfm@xxxxxxxxxxxxx:
Your interpretation appears correct to me.
Thank you for your Answer! :-)
/* sNO, sSS, sSR, sES, sFW, sCW, sLA, sTW, sCL, sS2 */
/*synack*/ { sIV, sIV, sSR, sIV, sIV, sIV, sIV, sIV, sIV, sSR },
That was a great help, but it is really heavy stuff. It's hard to work through these tables and to understand them in context.
While testing I found that the xmas-statement is a rather weak protection, because it seems to check for an explicit match of
all given flags. If I use the flags in various combinations...
nmap 10.0.1.200 --scanflags "URG ACK PSH RST SYN FIN" -p 631
...it is noticeable, that some Packages was not recognized at all. But the check for 'invalid' was always successful.
Conclusion: The xmas-statement is not a good choice.
I believe that the problem can be closed. Thanks again for your help.
Best Regards, Tom
