Security Basics mailing list archives

Re: IPID sequencability class is: All zeros (Nmap Idle Scan with zombiehost)


From: infolookup () gmail com
Date: Tue, 11 Dec 2007 03:32:17 +0000

Nice to know that you can confuse RUDE for GAY, if you want to make a statement and come out there are other ways to 
tell the world "start your own blog".
Sent via BlackBerry from T-Mobile

-----Original Message-----
From: Javier Barrio <coder () fluzo org>

Date: Sun, 9 Dec 2007 11:22:07 
To: security-basics () securityfocus com
Subject: Re: IPID sequencability class is: All zeros (Nmap Idle Scan with zombiehost)



On Sat, 8 Dec 2007 22:54:17 +0000, infolookup () gmail com wrote:
Not to pretend to be gay but I think you are better off going to the author's
website www.insecure.org, there is also a mailing list just for the app.

Hi,

As stated in the Nmap Idle Scan documentation:

"The first step is to find an appropriate zombie host. The host should not have much traffic (hence the name Idle Scan) 
and should offer predictable IPID values. Printers, Windows boxes, older Linux hosts, FreeBSD, and Mac OS boxes 
generally work fine. The latest versions of Linux, Solaris, and OpenBSD are immune as zombies, but any host can be a 
target of the scan. One way to determine host vulnerability is to simply try an Nmap Idle scan. Nmap will test the 
zombie and report whether it is reliable."

So I assume Nmap is saying to you that the zombie chosen is protected against an idle scan which, almost ten 
years after the technique was released, seems to be finally patched on Windows. Yeha!

Cheers.

--
echo "dpefsAgmv{p/psh" | perl -pe 's/(.)/chr(ord($1)-1)/ge'
GnuPG key ID 0x6D2FF8B5 @ pgp.rediris.es
http://www.fluzo.org/
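
To make the "All zeros" class from the subject line concrete, here is an added example (not part of the original thread, and not Nmap's own code) that classifies IP ID values sampled from one host's replies, as you would when auditing your own hosts for predictable IP IDs. The class names follow Nmap's report wording; the `max_step` threshold and the sample sequences are assumptions constructed for illustration.

```python
# Added illustration: the threshold is an assumption, not Nmap's own algorithm.
MOD = 1 << 16  # the IPv4 Identification field is 16 bits wide

def byteswap16(v):
    """Swap the two bytes of a 16-bit value."""
    return ((v & 0xFF) << 8) | (v >> 8)

def deltas(ids):
    """Differences between consecutive IDs, modulo 2**16 so wraparound is handled."""
    return [(b - a) % MOD for a, b in zip(ids, ids[1:])]

def classify_ipid(ids, max_step=10):
    """Classify IP ID samples; max_step (assumed) is the largest per-probe
    increase still treated as one shared counter on a quiet host."""
    if len(ids) < 3 or any(not 0 <= v < MOD for v in ids):
        raise ValueError("need at least 3 samples, each a 16-bit value")
    if all(v == 0 for v in ids):
        return "all zeros"
    if len(set(ids)) == 1:
        return "constant"
    if all(0 < d <= max_step for d in deltas(ids)):
        return "incremental"
    # Some stacks store the counter in host byte order, so it steps by 256.
    swapped = [byteswap16(v) for v in ids]
    if all(0 < d <= max_step for d in deltas(swapped)):
        return "broken little-endian incremental"
    return "randomized"

def predictable(ids):
    """True when an observer could infer the host's packet count from its IP IDs."""
    return "incremental" in classify_ipid(ids)

# Constructed sample sequences (not captured from real hosts).
SAMPLES = {
    "hardened host": [0, 0, 0, 0, 0, 0],
    "legacy printer": [65533, 65534, 65535, 0, 1, 2],  # counter wraps at 2**16
    "byte-swapped counter": [0xFE01, 0xFF01, 0x0002, 0x0102],
    "per-packet random": [41822, 977, 60211, 15004, 33390],
}

if __name__ == "__main__":
    for name, ids in SAMPLES.items():
        print(f"{name:22} {classify_ipid(ids):34} predictable={predictable(ids)}")
```

A host that reports "all zeros", "constant" or "randomized" leaks no usable counter, which matches the reply's reading that such a host cannot serve as a zombie.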

