Automating the process of decoy scanning and source spoofing
Nmap’s decoy scan is one of my favourite features of the tool: it lets us specify additional IP addresses that will show up in IDS logs as fake scanning hosts. It is a really effective technique for making the original address that issued the scan harder to discover. The syntax looks as follows:
```
nmap -D <host_1>,<host_2>,<host_N>… <target_host>
```
The decoy hosts are separated by commas and passed after the `-D` command-line flag.
The only drawback of this method is that each decoy host should be up and running to prevent SYN flooding of…
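Seen from the defender's side, a decoy scan leaves a recognisable pattern in IDS logs: every probed port receives a SYN from the same set of source addresses at nearly the same moment. The following added example (not from the original post) groups SYN records that way; the log format, sample addresses, function names and thresholds are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample IDS records: time, source, destination, dest port, TCP flags.
# All addresses are documentation ranges; none come from the original post.
SAMPLE_LOG = """\
2024-01-01T09:58:00.000 198.51.100.200 192.0.2.10 443 S
2024-01-01T10:00:00.010 203.0.113.5 192.0.2.10 22 S
2024-01-01T10:00:00.011 198.51.100.7 192.0.2.10 22 S
2024-01-01T10:00:00.012 203.0.113.99 192.0.2.10 22 S
2024-01-01T10:00:00.050 203.0.113.5 192.0.2.10 80 S
2024-01-01T10:00:00.051 198.51.100.7 192.0.2.10 80 S
2024-01-01T10:00:00.052 203.0.113.99 192.0.2.10 80 S
2024-01-01T10:00:00.090 203.0.113.5 192.0.2.10 443 S
2024-01-01T10:00:00.091 198.51.100.7 192.0.2.10 443 S
2024-01-01T10:00:00.092 203.0.113.99 192.0.2.10 443 S
2024-01-01T10:00:01.000 198.51.100.200 192.0.2.10 443 PA
"""

def parse(log):
    """Yield (time, src, dst, port) for pure SYN records only."""
    for line in log.splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[4] == "S":
            ts, src, dst, port, _ = fields
            yield datetime.fromisoformat(ts), src, dst, int(port)

def find_decoy_groups(log, window=0.5, min_ports=3, min_sources=2):
    """Return [(dst, sources, ports)] where one set of sources sent SYNs to
    the same ports of dst in lock-step (each burst within `window` seconds)."""
    probes = defaultdict(list)              # (dst, port) -> [(time, src)]
    for ts, src, dst, port in parse(log):
        probes[(dst, port)].append((ts, src))
    hits = defaultdict(set)                 # (dst, source set) -> ports
    for (dst, port), events in probes.items():
        events.sort()
        burst = [events[0]]
        for ev in events[1:] + [None]:      # None flushes the last burst
            if ev and (ev[0] - burst[-1][0]).total_seconds() <= window:
                burst.append(ev)
                continue
            sources = frozenset(src for _, src in burst)
            if len(sources) >= min_sources:
                hits[(dst, sources)].add(port)
            burst = [ev]
    return [(dst, sorted(srcs), sorted(ports))
            for (dst, srcs), ports in hits.items() if len(ports) >= min_ports]

if __name__ == "__main__":
    for dst, sources, ports in find_decoy_groups(SAMPLE_LOG):
        print(f"{dst}: ports {ports} probed in lock-step by {sources}")
```

The finding lists the real scanner and its decoys together; nothing in these records tells them apart, which is exactly the effect the decoy option is used for.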