Decoy Scan is a network scanning technique that allows you to remain partially anonymous by hiding your scan packets (and hence your IP address) between a multitude of fake packets.
This technique uses address spoofing, so along with the actual scanning packages, several similar packages are sent, but with a different sender address than their own. When they reach the destination, the recipient will have no way of distinguishing between real and dummy packages.
The IP address of the attacker will still be visible to the victim, but for any IDS or network administrator it will be more difficult to identify which of the scans received is true and then go back to the IP address that has made the scanning.
Programs that implement this technique allow you to specify a list of IP addresses. The nmap's user manual recommends that you choose plausible addresses for this list, such as other computers that are connected at the same time, and instead avoid referral networks of note corporations that are difficult to launch scans of this type. Bibliografiamodifica wikitesto
wiki
