Security Basics mailing list archives
Re: Nmap, Firewall Testing, Idlescan?
From: James Goodman <j_goodman00 () yahoo co uk>
Date: Thu, 3 Feb 2005 16:57:02 +0000 (GMT)
Yup, that's what I thought, but that is exactly what's happening. If I try this internally on our network the packets fool the firewall, but as soon as I try probing one of our remote routers with another remote machine it seems to log the non-zombie machine. I wonder if the ISP is somehow blocking this kind of scan?

--- david kuhlman <david.kuhlman () gmail com> wrote:

> That doesn't seem to make much sense. At first glance, I would guess the Idlescan isn't working because the zombie you are trying to use doesn't have easily guessable sequence numbers. But nmap shouldn't be sending out packets straight to 1.2.5.1 if 1.2.4.1 isn't a good zombie.
>
> Look at this for more info on seq number attacks http://lcamtuf.coredump.cx/newtcp/
>
> David
>
> On Wed, 02 Feb 2005 14:22:27 -0800 (PST), j_goodman00 () yahoo co uk <j_goodman00 () yahoo co uk> wrote:
> > Hi,
> >
> > I have a couple of routers at various sites which include firewalls & I would like to use nmap to test them.
> >
> > I have been experimenting with idlescans in an attempt to fool the firewall, but have been unsuccessful & am unsure if this is the firewall working, or me failing! :)
> >
> > I am attempting to 'bounce' the scans off another computer of mine on a different connection:
> >
> > e.g.
> > MyIP is 1.2.3.1
> > BounceIP is 1.2.4.1
> > TargetIP is 1.2.5.1
> >
> > nmap -T5 -v -P0 -sI 1.2.4.1 1.2.5.1
> >
> > When I look at the firewall logs they show logs along the lines of the following:
> >
> > Source 1.2.3.1 Destination:1.2.5.1
> >
> > Does this mean the firewall is working & successfully filtering the spoofed IP packets, or am I doing something wrong?
> >
> > Cheers,
> > James
Current thread:
- Nmap, Firewall Testing, Idlescan? j_goodman00 (Feb 02)
- Re: Nmap, Firewall Testing, Idlescan? Joachim Schipper (Feb 03)
- Re: Nmap, Firewall Testing, Idlescan? david kuhlman (Feb 03)
- Re: Nmap, Firewall Testing, Idlescan? James Goodman (Feb 03)
- Re: Nmap, Firewall Testing, Idlescan? Times Enemy (Feb 04)