An unusual scan signature
A scan footprint that does not match any tool I recognise. A walk through the diagnostic process — what I tried, what I ruled out, what I think it actually was.
Long-form thinking on cyber defence, detection, and resilience — from Slackware-era honeypots through to AI-driven SOC analytics.
Showing posts tagged nmap — 3 results.
I have been using nmap's -O flag for a year and only this week sat down to read how it actually works. The technique is more subtle than I had assumed and the implications for stealth are larger.
Fyodor's nmap has become my single most-used tool when I want to know, with confidence, what is actually on a network. A short walk through what it does and why every defender should run it on their own perimeter regularly.