[ notes & 'software' excerpted from BUGTRAQ message http://www.geek-girl.com/bugtraq/1999_1/0605.html ]

hello all,

I hear that maybe nmap does something similar to this, but I'm posting it anyway to see if there is enough interest for me to continue developing it. This is based on some code that I have been evolving for a while now.

sl0scan features:

- you select which ports to scan using comma separated lists and ranges at runtime
- *identical* scans sent from as many hosts as you like
- random generation of dummy hosts, or it can read a file of desired fake scanning sources (or both).
- choose at what sequence to insert the real scan (say, #500 out of 1000 scans)
- status shown on screen

also:

- written in easily modifiable perl; all packet components are in variables

sl0scan drawbacks:

- you have to sniff the response. This really isn't so bad; you just do "tcpdump src " in a separate window and look for the big "R" or "S" from each port. (S means the port was open). If there is interest, I'll fold in the packet capture function in the next release.
- it can be slow depending on how you use it
- tcp only at this release
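
The "identical scans sent from as many hosts as you like" feature is also what makes this traffic recognizable at the target. The following is an added example, not part of the original post or of sl0scan: a Python sketch that groups inbound SYNs by source and flags sets of sources that probed the same ports in the same order within a short window. The log tuple format, the function names and the thresholds are assumptions, and the sample data is constructed.

```python
from collections import defaultdict

def build_sample():
    """Constructed inbound-SYN log for one host: (seconds, source IP, dest port)."""
    syns = []
    # Four sources (documentation-range addresses) probing the same ports in order.
    for i, src in enumerate(["192.0.2.10", "198.51.100.7", "203.0.113.5", "192.0.2.99"]):
        for j, port in enumerate((21, 23, 80)):
            syns.append((100.0 + 2 * i + 10 * j, src, port))
    # Unrelated traffic: a web client retrying port 80, and a host with its own port mix.
    syns += [(101.0 + k, "198.51.100.200", 80) for k in range(3)]
    syns += [(105.0, "203.0.113.77", 25), (106.0, "203.0.113.77", 80),
             (107.0, "203.0.113.77", 443)]
    return syns

def find_identical_scans(syns, min_sources=3, min_ports=3, window=60.0):
    """Return clusters of sources that sent the same ordered port sequence.

    min_sources, min_ports and window are assumed thresholds, to be tuned locally.
    """
    per_source = defaultdict(list)
    for ts, src, dport in sorted(syns):
        per_source[src].append((ts, dport))

    by_sequence = defaultdict(list)
    for src, hits in per_source.items():
        ports = tuple(port for _, port in hits)
        if len(set(ports)) >= min_ports:          # ignore single-service clients
            by_sequence[ports].append((hits[0][0], src))

    clusters = []
    for ports, members in by_sequence.items():
        members.sort()                             # order by first packet seen
        spread = members[-1][0] - members[0][0]
        if len(members) >= min_sources and spread <= window:
            clusters.append({"ports": ports, "sources": [s for _, s in members]})
    return clusters

if __name__ == "__main__":
    for cluster in find_identical_scans(build_sample()):
        print(cluster["ports"], cluster["sources"])
```

A cluster shows that a multi-source scan took place, not which member is the real origin: every address in it may be forged, so blocking on the list risks cutting off uninvolved hosts.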