Penetration Testing mailing list archives

Re: Blind IP spoofing portscan tool?


From: "Enrique A. Sanchez Montellano" <enrique.sanchez () defcom com>
Date: Thu, 14 Jun 2001 08:34:34 +0200



Curt Wilson wrote:

In the mailing for the Black Hat briefings, there is mention of a "blind IP spoofing portscan tool" or something along those lines. I'm curious about this tool: what is its name and what is the mechanism by which it works? I'd guess that it's something involving other elements of the IP stack or some tool that uses a 3rd party system to check IP IDs, sequence numbers, ICMP responses or something along those lines.

Yes, it involves reading the reset ID of a static machine while spoofing that one ... it can be done with hping2 .. hehe =) Although Thomas Ollaffsson has made an extremely efficient and good version for Windows which is automatic (which he is releasing at Black Hat).

Be aware that you can pull this off on Linux, Solaris and Windows, so no static Windows machine is needed, just a static machine. The slides will be online, I assume; if you want a more technical explanation, please let me know outside the list =)

I'd be interested to know more information, please share if you have this knowledge.


Enrique A. Sanchez Montellano
Chief Technical Officer Defcom Spain
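Two defender-side checks for the mechanism Enrique describes (a quiet third-party host whose RST replies carry a globally incrementing IP ID, and which receives SYN/ACKs it never solicited). This is an added example, not code from the thread or from the tool mentioned; the packet records and IP ID values are constructed.

```python
from collections import Counter

# Constructed sample: IP ID values read from consecutive RST replies of one host.
INCREMENTAL_IDS = [40011, 40012, 40013, 40014, 40015, 40016]
RANDOM_IDS = [1931, 60422, 7, 44018, 12099, 58773]


def ipid_is_predictable(ids, max_step=10):
    """True when consecutive IP IDs advance by a small positive step (one global
    counter for all traffic). That is the property that lets a quiet host be
    used as the "static machine" in a blind scan; audit your own hosts for it
    and prefer a stack that randomises or zeroes the ID."""
    if len(ids) < 3:
        return False
    steps = [(b - a) % 65536 for a, b in zip(ids, ids[1:])]  # IP ID wraps at 16 bits
    return all(1 <= s <= max_step for s in steps)


# Constructed packet records as seen on the quiet host:
# (direction, peer address, TCP flags) with "S" = SYN, "SA" = SYN/ACK, "R" = RST.
PACKETS = [
    ("out", "10.0.0.5", "S"),        # the host opened a connection itself
    ("in",  "10.0.0.5", "SA"),       # legitimate reply to that SYN
    ("in",  "203.0.113.9", "SA"),    # SYN/ACK the host never asked for
    ("out", "203.0.113.9", "R"),     # host answers with RST, consuming an IP ID
    ("in",  "203.0.113.9", "SA"),
    ("out", "203.0.113.9", "R"),
]


def unsolicited_synacks(packets):
    """Count SYN/ACKs per peer to which this host never sent a SYN.
    A steady stream from one peer matches a target answering probes that
    were sent with this host's address spoofed as the source."""
    peers_we_contacted = {peer for d, peer, flags in packets
                          if d == "out" and flags == "S"}
    hits = Counter(peer for d, peer, flags in packets
                   if d == "in" and flags == "SA" and peer not in peers_we_contacted)
    return dict(hits)


if __name__ == "__main__":
    print("incremental IP ID:", ipid_is_predictable(INCREMENTAL_IDS))
    print("random IP ID:", ipid_is_predictable(RANDOM_IDS))
    print("unsolicited SYN/ACK sources:", unsolicited_synacks(PACKETS))
```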

