Full Disclosure mailing list archives
Re: Spoof tricks & Tips ?
From: Tim <tim-security () sentinelchicken org>
Date: Mon, 5 Dec 2005 20:57:38 -0500
Hello Mark Sec,
> Well, I'm testing a server and I need to scan all the ports evading IDS/IPS; I don't want my real IP to be seen.

Try reading your documentation more thoroughly.

~> man nmap
...
-sI <zombie host[:probeport]>
    Idlescan: This advanced scan method allows for a truly blind TCP port scan of the target (meaning no packets are sent to the target from your real IP address). Instead, a unique side-channel attack exploits predictable "IP fragmentation ID" sequence generation on the zombie host to glean information about the open ports on the target. IDS systems will display the scan as coming from the zombie machine you specify (which must be up and meet certain criteria). I wrote an informal paper about this technique at http://www.insecure.org/nmap/idlescan.html .

    Besides being extraordinarily stealthy (due to its blind nature), this scan type permits mapping out IP-based trust relationships between machines. The port listing shows open ports from the perspective of the zombie host. So you can try scanning a target using various zombies that you think might be trusted (via router/packet filter rules). Obviously this is crucial information when prioritizing attack targets. Otherwise, you penetration testers might have to expend considerable resources "owning" an intermediate system, only to find out that its IP isn't even trusted by the target host/network you are ultimately after.

    You can add a colon followed by a port number if you wish to probe a particular port on the zombie host for IPID changes. Otherwise Nmap will use the port it uses by default for "tcp pings".
...

tim

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
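The man page excerpt above hinges on one property of the "zombie" host: it must stamp outgoing IP packets with a predictable, globally incrementing IP ID. From a defender's side the useful check is the reverse one, namely auditing whether hosts you administer still expose such a counter (and could therefore be blamed for someone else's scan). The following is an added example, not code from the original mail or from the Nmap project; it takes a list of IP ID values as they would be read from the IP headers of consecutive responses (here a constructed sample, not a real capture) and classifies the sequence much as Nmap's IPID sequence test does. The category names and the gap threshold of 5 are my own choices.

```python
"""Classify an IP ID sequence observed from consecutive responses of one host.

Categories (assumed naming, modelled on Nmap's IPID sequence classes):
  - "all zeros"            : host sets IP ID to 0 (no counter leaked)
  - "constant"             : same non-zero value every time
  - "incremental"          : globally increasing counter (usable as a zombie)
  - "broken incremental"   : counter increments but is byte-swapped on the wire
  - "randomized"           : no usable pattern
"""
from typing import List

MAX_GAP = 5  # assumed: small gaps tolerated for other traffic the host sends


def _diffs(values: List[int]) -> List[int]:
    """Differences between consecutive 16-bit IDs, modulo the field size."""
    return [(b - a) % 0x10000 for a, b in zip(values, values[1:])]


def ipid_class(ids: List[int]) -> str:
    """Return the sequence class for a list of observed IP ID values."""
    if len(ids) < 2:
        raise ValueError("need at least two observations")
    if any(not 0 <= i <= 0xFFFF for i in ids):
        raise ValueError("IP ID is a 16-bit field")
    if all(i == 0 for i in ids):
        return "all zeros"
    d = _diffs(ids)
    if all(x == 0 for x in d):
        return "constant"
    if all(1 <= x <= MAX_GAP for x in d):
        return "incremental"
    # Some stacks emit the counter in host byte order: swap and retest.
    swapped = [((i & 0xFF) << 8) | (i >> 8) for i in ids]
    if all(1 <= x <= MAX_GAP for x in _diffs(swapped)):
        return "broken incremental"
    return "randomized"


def exposed_as_zombie(ids: List[int]) -> bool:
    """True if the host leaks a predictable counter a blind scan could ride on."""
    return ipid_class(ids) in ("incremental", "broken incremental")


# Constructed samples, not captured traffic.
SAMPLES = {
    "legacy-printer": [0x3E81, 0x3E82, 0x3E83, 0x3E85],   # global counter
    "old-bsd-box":    [0x813E, 0x823E, 0x833E, 0x843E],   # byte-swapped counter
    "modern-linux":   [0x3A5F, 0x91C2, 0x0B77, 0xE410],   # randomized
    "zero-id-host":   [0, 0, 0, 0],
}

if __name__ == "__main__":
    for host, ids in SAMPLES.items():
        print(f"{host:15s} {ipid_class(ids):20s} exposed={exposed_as_zombie(ids)}")
```

To use it on a real host you own, send it a handful of probes (for example TCP connection attempts from a tool you already run) and feed the IP ID values from its reply headers into ipid_class. A hit on "incremental" or "broken incremental" means the host can be named as the apparent source of a scan it never performed; the fix is on the host side (a kernel that randomizes or per-destination counters), not in the IDS, and the IDS alert in that case should be read as pointing at the zombie, not the actual scanner.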
Current thread:
- Spoof tricks & Tips ? Mark Sec (Dec 05)
- Re: Spoof tricks & Tips ? Rembrandt (Dec 05)
- Re: Spoof tricks & Tips ? Tim (Dec 05)