Nmap Announce mailing list archives

Re: what's -sM


From: Fyodor <fyodor () dhp com>
Date: Fri, 10 Sep 1999 19:24:19 -0400 (EDT)

On Fri, 10 Sep 1999, Darxus wrote:

> You specified more than one type of TCP scan.  Please choose only one of
> -sT, -sS, -sF, -sM, -sX, and -sN
>
> I would like to be able to do all kinds of scans at once... like, find me
> all open ports, no matter what it takes.

Well, you can certainly do more than one type of scan (like -sRUS to do
RPC, UDP, and SYN scans).  But allowing more than one TCP scan at once
seems to be of limited value.

> -sM does appear to be a valid flag... what is it?

It is the top secret Maimon scan ... see Phrack 49 article 15.
Unfortunately it does not work against many systems so it isn't
documented.

Speaking of Phrack, I hope everyone is aware that P55 is out -- see
www.phrack.com .

As usual, this issue contains many fine articles. Here are my favorites
(in the off chance anyone cares :) 

Win32 Buffer Overflows (Location, Exploitation and Prevention) by dark
spyrit AKA Barnaby Jack -- The author of the recent eEye IIS hole
takes us on another journey into Windows buffer overflows. He
demonstrates methods for reverse-engineering using Interactive
Disassembler by exposing an overflow vulnerability in the latest
version of Seattle Labs mail server (3.2.3113). Next he describes and
presents some terrific Windows shellcode for opening up a remote
shell. Finally he details a way to patch the SLMail binary to prevent
these (particular) overflows. (Requires X86 assembly knowledge).
[ http://www.insecure.org/news/P55-15.txt ]

Perl CGI Problems by rain.forest.puppy -- Describes numerous
techniques for subverting common Perl programs. In particular, his
"Poison NULL byte" technique could bite even extremely careful
programmers who haven't considered this maneuver. Perl experience
helpful. [ http://www.insecure.org/news/P55-07.txt ]

Building Bastion Routers Using Cisco IOS by brett and variable k --
This article presents a comprehensive list of measures you should take
to secure Cisco routers. An excellent resource if you intend to deploy
(or attack) this technology. [ http://www.insecure.org/news/P55-10.txt ]

A *REAL* NT Rootkit, Patching the NT Kernel by Greg Hoglund -- Here
Greg describes some real-life examples of reverse engineering and
patching the NT kernel. X86 assembly knowledge is helpful. 
[ http://www.insecure.org/news/P55-05.txt ]

Cheers,
Fyodor

--
Fyodor                            'finger pgp () pgp insecure org | pgp -fka'
"Be thankful you are not my student.  You would not get a high grade for
 such a design :-) ... Writing a new OS only for the 386 in 1991 gets you
 your second 'F' for this term" 
 -- Minix author/professor Andrew Tanenbaum to Linus Torvalds (Jan '92)