Full Disclosure mailing list archives

Re: Spoof tricks & Tips ?


From: Rembrandt <rembrandt () jpberlin de>
Date: Tue, 6 Dec 2005 02:55:37 +0100

On Mon, 5 Dec 2005 17:44:03 -0800
Mark Sec <mark.sec () gmail com> wrote:

Hello folks,


Well, I'm testing some servers and I need to scan all the ports while evading IDS/IPS;
I don't want my real IP to be seen.

e.g. a spoofed scan with Nmap:


nmap -v -n -sT -P0 -e eth0 -p 21,22,23,25,111,135,139,445,443,1433,1434,1521,2301, -S 1.1.1.1 150.210.30.117


Or my little script:

=========cut here================================
#!/bin/sh
# Spoofed-source port sweep (nmap needs root for -S and -e).
# Note: a -sT connect scan goes through the OS socket stack, and any reply
# to a spoofed source is returned to that address, not to us, so nmap gets
# no answers back; the loop only produces noise with a forged source.

# first three octets of the spoofed address that you want
spoofed=0.0.0
# target to scan
target=150.210.30.117
# port is incremented 1-1024
port=1
# saddr is the starting host part of the spoofed address (2-254)
saddr=2

while [ "$port" -le 1024 ]
do

    # nc -vv -u -w10 -n -z -s "${spoofed}.${saddr}" "$target" "$port"

    # or

    sleep 2

    nmap -v -n -sT -P0 -e eth0 -p "$port" -S "${spoofed}.${saddr}" "$target"

    port=$((port + 1))
    saddr=$((saddr + 1))
    if [ "$saddr" -gt 254 ]
    then
        saddr=2
    fi
done
exit
=============cut here==========================

Does anyone have more tricks, tips or shell scripts for scanning while hiding the
real IP and evading IDS/IPS?

- Mark :-)

nmap supports zombie scanning and also FTP bounce scanning,
and the -D option should be helpful too...

You just have to take care that the port doesn't transfer a lot of traffic
(zombie scan).

Another neat trick is passive port identification by simply
sniffing the traffic, but you have to wait until somebody makes a
connection.

If you choose the -T1 option for the timing, generating a new valid
MAC address every 5 minutes may also be helpful.
But this could be detected (though I never saw such a paranoid setting).

You may also not want to scan with nmap at all, because nmap scans are easy to
detect. Reducing the ports to, e.g., just 3 or 5 (for one
scan session; you can do several, with a break between them each time)
would also help, because then you can do a full-connect scan to avoid
the detection of SYN scans.

Just some ideas :-)

Kind regards,
Rembrandt
-- 
God did a bless on me,
So accept the dark side in you.
Hate leads me to victory, so give me a war.
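Rembrandt mentions passive port identification by sniffing and, in his last paragraph, scanning only a few ports per session with breaks so that a SYN-based detector does not trigger. The script below is an added example, not code from either poster: standard-library Python that reads a classic pcap, lists open ports purely from the SYN/ACKs a host sends (no probe of our own), and then applies the kind of threshold rule an IDS uses (more than N distinct destination ports from one source within a time window). The capture is constructed inline; the hosts 10.0.0.5/.20/.66/.77, the open ports, the timings, and the threshold and window values are all assumptions. With a 60 s window the eight-port burst is flagged and the three-ports-per-session scan with five-minute pauses is not; widen the window to an hour and both are.

```python
"""Passive open-port identification and scan fan-out detection from a pcap.
Added example, not code from the thread; stdlib only. The capture below is
constructed inline and every host, port, timing and threshold is assumed."""
import socket
import struct
from collections import defaultdict

SYN, RST, ACK = 0x02, 0x04, 0x10


def parse_pcap(data):
    """Yield (ts, src, sport, dst, dport, flags) per IPv4/TCP record of a
    classic Ethernet pcap (either byte order; pcapng is not handled)."""
    end = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(struct.unpack_from("<I", data)[0])
    if end is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack_from(end + "I", data, 20)[0] != 1:      # LINKTYPE_ETHERNET
        raise ValueError("only Ethernet captures are handled")
    off = 24
    while off + 16 <= len(data):
        sec, usec, incl, _ = struct.unpack_from(end + "IIII", data, off)
        frame = data[off + 16:off + 16 + incl]
        off += 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                                          # not IPv4/TCP
        tcp = frame[14 + (frame[14] & 0x0F) * 4:]             # skip IP options
        if len(tcp) < 14:
            continue
        sport, dport = struct.unpack_from("!HH", tcp)
        yield (sec + usec / 1e6, socket.inet_ntoa(frame[26:30]), sport,
               socket.inet_ntoa(frame[30:34]), dport, tcp[13])


def open_ports(records):
    """Passive identification: a SYN+ACK *sent from* host:port means that
    port is open, whoever made the connection; we never send a packet."""
    found = defaultdict(set)
    for _, src, sport, _, _, flags in records:
        if flags & (SYN | ACK) == SYN | ACK:
            found[src].add(sport)
    return {h: sorted(p) for h, p in found.items()}


def scanners(records, threshold=5, window=60.0):
    """IDS-style rule: flag (src, dst) when SYN-only packets touch more
    than `threshold` distinct dst ports inside any `window` seconds.
    Returns {(src, dst): most distinct ports seen in one window}."""
    probes = defaultdict(list)
    for ts, src, _, dst, dport, flags in records:
        if flags & (SYN | ACK) == SYN:
            probes[(src, dst)].append((ts, dport))
    flagged = {}
    for pair, ev in probes.items():
        ev.sort()
        start = 0
        for end in range(len(ev)):                            # sliding window
            while ev[end][0] - ev[start][0] > window:
                start += 1
            n = len({p for _, p in ev[start:end + 1]})
            if n > threshold:
                flagged[pair] = max(flagged.get(pair, 0), n)
    return flagged


# ---- constructed sample capture (checksums left zero; we only parse) ----
def _frame(src, sport, dst, dport, flags):
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, flags, 8192, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp


def build_pcap(packets):
    """(timestamp, frame) pairs -> classic little-endian pcap bytes."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, frame in packets:
        sec = int(ts)
        out += struct.pack("<IIII", sec, round((ts - sec) * 1e6),
                           len(frame), len(frame)) + frame
    return out


def sample_capture():
    """Assumed target 10.0.0.5 with 22 and 80 open: one real SSH client,
    one 8-port burst from 10.0.0.66, and 10.0.0.77 doing 3 ports per
    session with 300 s pauses, as Rembrandt suggests."""
    target, is_open, pkts = "10.0.0.5", {22, 80}, []

    def probe(src, sport, port, ts):
        pkts.append((ts, _frame(src, sport, target, port, SYN)))
        reply = SYN | ACK if port in is_open else RST | ACK
        pkts.append((ts + 0.001, _frame(target, port, src, sport, reply)))

    probe("10.0.0.20", 40000, 22, 10.0)                       # real client
    for i, p in enumerate([21, 22, 23, 25, 80, 110, 139, 443]):
        probe("10.0.0.66", 50000 + i, p, 50.0 + 0.1 * i)      # burst scan
    for s, ports in enumerate([[21, 22, 23], [25, 80, 110], [139, 443, 445]]):
        for i, p in enumerate(ports):                         # slow scan
            probe("10.0.0.77", 51000 + 3 * s + i, p, 1000.0 + 300 * s + 2 * i)
    return build_pcap(pkts)
```

On a real tcpdump file the same functions apply unchanged: `recs = list(parse_pcap(open("capture.pcap", "rb").read()))`, then `open_ports(recs)` and `scanners(recs)`. The window rule is deliberately the simple one: a detector that only counts distinct ports per minute is exactly what the "3 or 5 ports per session with a break" advice defeats, and the 3600 s run shows that the defence is a longer memory per source, not a lower threshold.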

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
