Nmap Development mailing list archives
Re: Patch: Setting the flags for Idlescan
From: Fyodor <fyodor () insecure org>
Date: Thu, 16 Mar 2006 17:09:59 -0800
On Thu, Mar 16, 2006 at 04:55:53PM -0800, Kurt Grutzmacher wrote:
SYN/ACK: SENT (0.4320s) TCP xx.yy.zz.ME:44951 > xx.yy.zz.ZOMBIE:55 SA ttl=53 id=32040 iplen=44 seq=3245032422 win=2048 ack=278882775 Idlescan zombie xx.yy.zz.ZOMBIE (xx.yy.zz.ZOMBIE) port 55 cannot be used because it has not returned any of our probes -- perhaps it is down or firewalled. QUITTING! ACK: SENT (0.1810s) TCP xx.yy.zz.ME:45762 > xx.yy.zz.ZOMBIE:55 A ttl=58 id=4557 iplen=44 seq=395955956 win=3072 ack=3026693419 RCVD (0.1810s) TCP xx.yy.zz.ZOMBIE:55 > xx.yy.zz.ME:45762 R ttl=64 id=54084 iplen=40 seq=3026693419 win=0 Idlescan using zombie xx.yy.zz.ZOMBIE (xx.yy.zz.ZOMBIE:55); Class: Incremental Certainly a unique situation but still possible.
But does the scan actually end up producing valid results? Remember that the target will be sending back SYN/ACK packets to the zombie, which may be dropped in the same way the SYN/ACKs you send to the zombie are. Thanks for sending the patch, -Fyodor _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev
Current thread:
- Patch: Setting the flags for Idlescan Kurt Grutzmacher (Mar 16)
- Re: Patch: Setting the flags for Idlescan Fyodor (Mar 16)
- Re: Patch: Setting the flags for Idlescan Kurt Grutzmacher (Mar 16)
- Re: Patch: Setting the flags for Idlescan Fyodor (Mar 16)
- Re: Patch: Setting the flags for Idlescan Kurt Grutzmacher (Mar 16)
- Re: Patch: Setting the flags for Idlescan Kurt Grutzmacher (Mar 16)
- Re: Patch: Setting the flags for Idlescan Fyodor (Mar 16)