Bugtraq mailing list archives
Scanning ANY internet host anonymously with grc.com
From: Nicolas Gregoire <nicolas.gregoire () 7THZONE COM>
Date: Fri, 1 Sep 2000 10:06:10 +0200
Hi bugtraqers, here's the description of a problem with the ShieldsUp! port scanner available on-line from grc.com.

The story began with a post by Jason Sheffield (jsheffield at AXENT dot COM) to the penetration testers mailing-list (pen-test at securityfocus dot com) on Wednesday 23:

-----------------------------------------------------------------------
Mark,

I have actually had Gibson Research's (www.grc.com) downloadable client used against me (Previous job with an International Telecom) to scan hosts visible to the Internet. I was a lone PIX admin with the job of tracking down possible intrusion attempts. All that it requires is that you have a dual NIC'ed (or modem and NIC) host and you assign one of your interfaces the IP of the box you are trying to scan. The client will ask which IP of your "LOCAL" machine you would like to scan, and voila, you have an anonymous port scanner at your fingertips. All sniffer traces point right back to GRC, and stop there. Nice "feature", don't you think?
-----------------------------------------------------------------------

Trying it from my corporate LAN, I was able to reproduce it from a machine with only one NIC and no modem by creating a false network interface and setting the IP address of the card to the address of the internet host that I want to (anonymously) scan for open ports. It works like a charm....

So I exchanged several mails with Steve Gibson and here is his last answer:

-----------------------------------------------------------------------
No, you're right, I don't like that at all. But at least the process can not be easily automated.

Also, I'm about to start in on a MAJOR revamping of the ShieldsUp scanner. Here's the current planning page: http://grc.com/r&d/nextscanner.htm

As you'll see, this next-generation scan cannot be "faked out" in the same fashion since it deliberately maintains open and active connections to the user's target browser and penetrates NAT routers and firewalls.

[cut ...]
-----------------------------------------------------------------------

So, while the ShieldsUp! port-scanner is online, it is possible to scan any internet host with an originator IP address of 207.71.92.193 (aka shieldsup.grc.com), but the process cannot be easily automated.

Sorry for the length of the post, but I want to give proper credits to each person involved here. So, I thank too Pascal Stoubenfolle (pascal at 7thzone dot com) for helping me with this English text.
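An added defender-side example, not part of the post and not GRC's code: a small Python triage script that groups blocked connection attempts in firewall deny logs by source and destination and flags port bursts coming from the ShieldsUp! address, because, as the post explains, such a scan may have been requested through grc.com by someone other than the owner of the scanned host. The log line format and every address except 207.71.92.193 are constructed for the example.

```python
import re
from collections import defaultdict

# Source address of the ShieldsUp! scanner as quoted in the post.
SHIELDSUP_IP = "207.71.92.193"

# Constructed sample deny lines (loosely modelled on a firewall syslog; not real output).
SAMPLE_LOG = """\
Sep 01 10:01:02 fw Deny tcp src outside:207.71.92.193/40001 dst inside:192.0.2.10/21
Sep 01 10:01:02 fw Deny tcp src outside:207.71.92.193/40002 dst inside:192.0.2.10/22
Sep 01 10:01:03 fw Deny tcp src outside:207.71.92.193/40003 dst inside:192.0.2.10/23
Sep 01 10:01:03 fw Deny tcp src outside:207.71.92.193/40004 dst inside:192.0.2.10/25
Sep 01 10:01:04 fw Deny tcp src outside:207.71.92.193/40005 dst inside:192.0.2.10/80
Sep 01 10:01:04 fw Deny tcp src outside:207.71.92.193/40006 dst inside:192.0.2.10/139
Sep 01 10:05:00 fw Deny tcp src outside:198.51.100.7/51000 dst inside:192.0.2.10/80
Sep 01 10:05:01 fw Deny tcp src outside:198.51.100.7/51001 dst inside:192.0.2.10/443
"""

LINE_RE = re.compile(
    r"Deny tcp src \w+:(?P<src>[\d.]+)/\d+ dst \w+:(?P<dst>[\d.]+)/(?P<dport>\d+)"
)


def parse_denies(log_text):
    """Yield (src_ip, dst_ip, dst_port) for every deny line that matches the format."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m.group("src"), m.group("dst"), int(m.group("dport"))


def summarise_scans(log_text, min_ports=5):
    """Return {(src, dst): sorted distinct ports} for pairs touching >= min_ports ports."""
    hits = defaultdict(set)
    for src, dst, port in parse_denies(log_text):
        hits[(src, dst)].add(port)
    return {pair: sorted(ports) for pair, ports in hits.items() if len(ports) >= min_ports}


def triage(summary):
    """Attach an analyst note to each burst. A burst from the ShieldsUp! address shows only
    that someone asked grc.com to scan this host; per the post, the log cannot tell who."""
    notes = {}
    for (src, dst), ports in summary.items():
        if src == SHIELDSUP_IP:
            notes[(src, dst)] = "scan relayed via grc.com; requester not identifiable from this log"
        else:
            notes[(src, dst)] = "direct scan from " + src
    return notes


if __name__ == "__main__":
    for pair, note in triage(summarise_scans(SAMPLE_LOG)).items():
        print(pair, note)
```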