Penetration Testing mailing list archives
RE: Tool for sending malicious traffic to destination system
From: "John Forristel (SunGard-Chico)" <John.Forristel () sungardbi-tech com>
Date: Wed, 2 Jan 2008 06:39:18 -0800
If I understand the problem, you need to gather information from a remote machine without tripping the IPS, or change your scanner so it does not trip the IPS.

The first method takes me back a while, so I had to look it up. It would require finding a machine that returned packets with sequential numbers. Most these days are random, or random enough that it makes no difference. The method is described at http://insecure.org/nmap/idlescan.html

The other way is to slow your scans enough that the IPS server won't trigger and block your packets. In NMAP, you can do this by setting the -t option to 2, 1, or 0 to slow it down. Of course, this takes a lot more time, but it is patience that counts in the pentest game.

Personally, I use Nessus in conjunction with NMAP. I use a setting of -t2 and let it go on the subnet. This can take a couple of days, but who cares. I never schedule a pentest without three weeks of time, minimum. Once I can look at what is open/filtered/closed, I tailor the Nessus session to look at the particular services, not just slam the whole thing. I set Nessus to scan one target at a time (the default is 4). I use Metasploit with the same methodology. Metasploit is more granular, and the proof is far more convincing to a client.

However, if your goal is to send malformed packets only, Scapy is the tool you are looking for; NMAP doesn't do that.

John

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Ravi
Sent: Sunday, December 30, 2007 9:29 PM
To: kish_pent () yahoo com; pen-test
Subject: Re: Tool for sending malicious traffic to destination system

Hi Kish & list,

I'm kinda looking to do decoy scanning with traffic similar to Nessus. I understand I can't do decoy scanning with Nessus. So if there is a tool that could send malicious traffic like Nessus to my target, that would be it!!! I'm basically trying to test a network that blocks my IP when I scan with Nessus. I want to prove to the customer that I can spoof a source IP that would be blocked by your IPS, leading to a DoS issue.

Thanks.

Kish Pent wrote:

Hey, you must define what you mean by malicious traffic before crafting it, based on which the tool can be selected. Your aim is to send malformed packets, which in other words you're trying to interpret as malicious traffic. By the way, nmap is no example for sending malicious traffic. Scapy is a very good packet crafting tool, and it can be used for subsequent port scanning, protocol analysis, and best of all, it's just THE tool for packets (it can do what hping can do for you; it can do what nmap, unicornscan or some other tools can do for you). You might also want to check out the www.secdev.org website; Philippe Biondi from EADS has written the tool, and given some excellent docs and ppt(s) out there.

Cheers :)
Kish

--- Ravi <whitehaat () gmail com> wrote:

Hi guys... Can anybody help me in finding a tool like 'nmap (-D decoy)' which can send some malicious content to a system...

Thanks & Regards,
Whitehaat
--
Kishore, Penetration Tester
Smart Security
17/1, Upstairs, Sarojini St, T.Nagar, Chennai - 600 017