Full Disclosure mailing list archives
Re: Idle scan rediscovered!!!
From: Cedric Blancher <blancher () cartel-securite fr>
Date: Fri, 05 May 2006 18:49:20 +0200
On Friday 05 May 2006 at 12:33 -0400, Tim wrote:
> Sorry, I'm having difficulty following some of the details of your results. Are you using the Windows machines as the idle hosts only, or is the Ubuntu box also being used as an idle host in some configurations?
As standard 2.4/2.6 kernel behaviour is to set the DF flag to 1 and the IPID to 0, it's a very bad candidate for an idle host. And sadly, it's no news that Windows boxes are prone to idle scanning because they have an incremental IPID generator...

-- 
http://sid.rstack.org/
PGP KeyID: 157E98EE
FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
Hi! I'm your friendly neighbourhood signature virus. Copy me to your signature file and help me spread!
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
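
The distinction drawn in the message above, as an added example that is not part of the original post: a Python check an administrator could run over IP ID and DF values already extracted from each host's replies, to see which hosts on their own network expose a predictable counter. The function names, the `max_step` threshold, the addresses and the sample values are assumptions constructed for illustration.

```python
# Added example: classify a host's IP ID behaviour from observed replies.
# All observations below are constructed, not captured traffic.

def classify_ipid(samples, max_step=64):
    """samples: list of (ip_id, df_flag) taken from consecutive replies of one host.

    Returns 'zero-df', 'constant', 'incremental' or 'unpredictable'.
    max_step is an assumed bound on how far a global counter moves between
    two closely spaced probes on a mostly quiet host.
    """
    if len(samples) < 3:
        raise ValueError("need at least 3 replies to judge the sequence")
    ids = [ip_id & 0xFFFF for ip_id, _ in samples]
    if all(i == 0 for i in ids) and all(df for _, df in samples):
        return "zero-df"        # DF=1, IPID=0: the 2.4/2.6 behaviour described
    if len(set(ids)) == 1:
        return "constant"
    # Differences modulo 2**16, so a counter wrapping 65535 -> 0 still counts.
    steps = [(b - a) & 0xFFFF for a, b in zip(ids, ids[1:])]
    if all(0 < s <= max_step for s in steps):
        return "incremental"    # shared counter: replies leak traffic volume
    return "unpredictable"


def hosts_to_review(observations):
    """Return, sorted, the hosts whose IP ID sequence is incremental."""
    return sorted(h for h, s in observations.items()
                  if classify_ipid(s) == "incremental")


# Constructed observations keyed by documentation-range addresses.
OBSERVED = {
    "192.0.2.10": [(0, True), (0, True), (0, True), (0, True)],
    "192.0.2.20": [(65534, False), (65535, False), (0, False), (2, False)],
    "192.0.2.30": [(0x1A2B, False), (0x9F01, False), (0x0345, False)],
}

if __name__ == "__main__":
    for host, samples in OBSERVED.items():
        print(host, classify_ipid(samples))
    print("review:", hosts_to_review(OBSERVED))
```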