Penetration Testing mailing list archives
Re: nmap -S option
From: Cedric Blancher <blancher () cartel-securite fr>
Date: Thu, 15 Feb 2007 09:57:45 +0100
On Wednesday, 14 February 2007 at 01:13 -0800, Baris Erdogan wrote:
> When I use the "nmap -sS targetaddress -S spoofaddress -e eth0" command, nmap does not show open ports at the end of the scan. I want to know whether this is a normal case or not. Do I misuse nmap options?
-S is used to spoof the source IP address. So, if you spoof a source address, there's a considerable chance you may not get the replies from your target, as they will be destined to the very IP address you're spoofing. Usually, the -S parameter is mostly used for decoys, although a dedicated option is available for that purpose.

Now, a practical example, where you're A spoofing C to scan B:

    A ---- SYN(src=C) ----> B ---- SYN/ACK ----> C

A does not see any reply from B, deducing there are only filtered ports on B. OK?

If you want to actually get something back from your scan, you'll have to make sure replies from B to C come back to A, like ARP cache poisoning or any traffic redirection technique you may think of.

You can also think of using the Idle Scan technique, provided you can predict C is idle and has a predictable IP ID generator. You can find more info on the Nmap website:

    http://insecure.org/nmap/idlescan.html

Using nmap, you will launch:

    nmap -sI spoofaddress:openport targetaddress -e eth0

--
http://sid.rstack.org/
PGP KeyID: 157E98EE
FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
Hi! I'm your friendly neighbourhood signature virus. Copy me to your signature file and help me spread!
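
A toy model of the A/B/C exchange in the message above, added here as an example; it is not part of the original post and is not Nmap code, and it sends no packets. It shows why nothing reaches A after a spoofed SYN, why the idle scan depends on C being idle with one predictable IP ID counter, and how per-destination IP ID counters on C remove the signal. The `Host` class, the function names and the counter start value are assumptions made for the illustration.

```python
"""Toy model of the A/B/C exchange: no packets are sent anywhere."""

class Host:
    def __init__(self, name, open_ports=(), global_ipid=True):
        self.name = name
        self.open_ports = set(open_ports)
        self.global_ipid = global_ipid   # False = one IP ID counter per destination
        self.counters = {}

    def send(self, dst):
        """Emit one packet to dst and return the IP ID it carries."""
        key = "*" if self.global_ipid else dst
        self.counters[key] = (self.counters.get(key, 1000) + 1) & 0xFFFF
        return self.counters[key]

def spoofed_syn(target, port, spoofed):
    """A sends SYN(src=C) to B; returns the replies that reach A."""
    if port in target.open_ports:
        # B's SYN/ACK goes to C; C never opened this connection, so it sends B a RST.
        spoofed.send(target.name)
    # Closed port: B sends a RST to C, and C stays silent.
    return []   # either way nothing is addressed to A

def idle_scan(target, port, zombie, other_traffic=0):
    """Infer B's port state from how far C's IP ID moved between two probes by A."""
    before = zombie.send("A")            # C's reply to A's first probe
    spoofed_syn(target, port, zombie)
    for _ in range(other_traffic):       # C is not idle: it talks to other hosts
        zombie.send("other")
    after = zombie.send("A")             # C's reply to A's second probe
    delta = (after - before) & 0xFFFF
    return {1: "closed|filtered", 2: "open"}.get(delta, "unreliable")

if __name__ == "__main__":
    B = Host("B", open_ports={22, 80})   # constructed sample target
    C = Host("C")
    print(spoofed_syn(B, 80, C))
    print(idle_scan(B, 80, C), idle_scan(B, 81, C))
    print(idle_scan(B, 80, C, other_traffic=3))
    print(idle_scan(B, 80, Host("C", global_ipid=False)))
```

With per-destination counters the open port on B is reported the same as a closed one, which is why a host that numbers packets this way is of no use as C.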