by Goatboy on Tue Aug 24, 2010 7:29 pm
(see Re: Nmap Questions)
The -D flag (standing for Decoy) sends out your scan with a bunch of other scans from random IPs. Yours still gets sent back to you, but the others get sent off to wherever they were "sent" from by you. The target thinks that 10 people are scanning (in the sense of "nmap -D RND:10 xxx.xxx.xxx.xxx") when really only one is. Makes it harder for them to get to you. However, your ISP knows it's still you. All the packets are coming from you, even the spoofed ones. They can probably tell by the volume and type of packets you are sending. What I would do is send everything through a remote SSH connection, so it looks like you are just talking to your own box somewhere. It's encrypted, so they can't really inspect your packets.
Assume that everything I say is or could be a lie.
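From the target's side, a decoy scan shows up as several source addresses probing the same ports in lock-step. The following is an added example, not code from the post above: it groups SYN log entries by target port and time bucket and flags buckets where multiple sources hit together. The log format and all addresses are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample firewall log (not from the original post):
# three sources probe ports 22 and 80 of one host within the same second,
# which is what a scan with decoys looks like to the target.
SAMPLE_LOG = """\
1282684140 SYN 203.0.113.7 -> 192.0.2.10:22
1282684140 SYN 198.51.100.4 -> 192.0.2.10:22
1282684140 SYN 203.0.113.99 -> 192.0.2.10:22
1282684140 SYN 203.0.113.7 -> 192.0.2.10:80
1282684140 SYN 198.51.100.4 -> 192.0.2.10:80
1282684140 SYN 203.0.113.99 -> 192.0.2.10:80
1282684200 SYN 192.0.2.55 -> 192.0.2.10:443
"""

# Hypothetical line layout: "<epoch> SYN <src> -> <dst>:<port>"
LINE_RE = re.compile(r"^(\d+) SYN (\S+) -> (\S+):(\d+)$")


def parse(log):
    """Yield (timestamp, src, dst, port) for each well-formed line."""
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, src, dst, port = m.groups()
            yield int(ts), src, dst, int(port)


def decoy_clusters(log, window=2, min_sources=3):
    """Return {(dst, port, bucket): [sources]} for every target port that
    was probed by at least min_sources distinct addresses inside one
    time bucket of `window` seconds. The target's log cannot say which
    of those sources is the real scanner, which is the point of -D."""
    buckets = defaultdict(set)
    for ts, src, dst, port in parse(log):
        buckets[(dst, port, ts // window)].add(src)
    return {key: sorted(srcs) for key, srcs in buckets.items()
            if len(srcs) >= min_sources}


if __name__ == "__main__":
    for (dst, port, _), srcs in decoy_clusters(SAMPLE_LOG).items():
        print(f"{dst}:{port} probed in lock-step by {len(srcs)} sources: {srcs}")
```

The lone probe of port 443 from a single address is not reported, because the heuristic only fires on synchronized multi-source activity.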