Spoofing and decoy scans

When we are scanning machines that are not ours, we often want to hide our IP (our identity). Obviously, every packet must contain our source address or else the response from the target system will not know where to return to. The same applies to spoofing our IP when using Nmap. We can spoof our IP address (-S) in Nmap, but as a result, any response and any info we are trying to gather will return to the spoofed IP. Not very useful if we are scanning in order to gather info. A better solution is to obfuscate our IP address. In other words, we bury our IP address among many IP addresses so that the network/security admin can't pinpoint the source of the scan. Nmap allows us to use decoy IP addresses so that it looks like many IP addresses are scanning the target. We can do this by using the -D switch, such as typing nmap -sS 192.168.10.70 -D 10.0.0.1,10.0.0.2,10.0.0.4:

This scan will use three decoy IP addresses, but it will also use our own address. In this way, we get responses and the info on the target and the admin of the system sees scans coming from four systems simultaneously. In this way, he can't pinpoint the true source of the scan easily.