Nmap Development mailing list archives
Re: Idle Scanning behind stateful firewalls
From: Paul Johnston <paul () westpoint ltd uk>
Date: Fri, 26 Mar 2004 10:40:10 +0000
Glyn,

For idle scan to work, SYN ACK packets from the target host must get through to the zombie. If these don't get through then the scan won't work, regardless of what packets nmap uses to probe the ipid on the zombie.
Paul
But, because nmap uses a SYN/ACK, its probes get dropped by any stateful devices (coz they aren't part of an active connection), preventing their use as zombies.
--
Paul Johnston
Internet Security Specialist
Westpoint Limited
Albion Wharf, 19 Albion Street, Manchester, M1 5LN England
Tel: +44 (0)161 237 1028
Fax: +44 (0)161 237 1031
email: paul () westpoint ltd uk
web: www.westpoint.ltd.uk

---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to nmap-dev-help () insecure org . List archive: http://seclists.org
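Added example, not part of the original message and not nmap code: a toy model (no network I/O) of the packet flow discussed above, showing why a stateful filter in front of a host stops it serving as a zombie whichever probe is used. The class names, the starting IP ID, the "SYN" probe alternative and the firewall policy (new SYNs allowed in, stateless SYN/ACK and RST dropped) are assumptions made for illustration.

```python
class Zombie:
    """Idle host with one global IP ID counter that increments per packet sent."""
    def __init__(self, ipid=1000):          # constructed starting value
        self.ipid = ipid

    def receive(self, flags):
        # An unsolicited SYN/ACK draws a RST; a SYN draws a SYN/ACK or RST.
        # Either reply consumes one IP ID. An incoming RST draws no reply.
        if flags in ("SYN/ACK", "SYN"):
            self.ipid += 1
            return self.ipid                 # IP ID seen in the reply
        return None


class StatefulFirewall:
    """Assumed policy: pass new inbound SYNs, drop packets matching no connection."""
    def __init__(self, host):
        self.host = host

    def receive(self, flags):
        if flags == "SYN":
            return self.host.receive(flags)
        return None                          # stateless SYN/ACK or RST is dropped


def idle_scan(zombie_path, port_open, probe="SYN/ACK"):
    """Return what the scanner would infer about the target port."""
    before = zombie_path.receive(probe)      # first IP ID sample
    if before is None:
        return "zombie unusable (probe dropped)"
    # Target answers the spoofed SYN towards the zombie:
    # SYN/ACK if the port is open, RST if it is closed.
    zombie_path.receive("SYN/ACK" if port_open else "RST")
    after = zombie_path.receive(probe)       # second IP ID sample
    return {1: "closed|filtered", 2: "open"}.get(after - before, "inconclusive")


if __name__ == "__main__":
    for label, make in (("bare zombie", lambda: Zombie()),
                        ("firewalled zombie", lambda: StatefulFirewall(Zombie()))):
        for probe in ("SYN/ACK", "SYN"):
            for port_open in (True, False):
                print(label, probe, "open" if port_open else "closed",
                      "->", idle_scan(make(), port_open, probe))
```

With the firewall in place the SYN/ACK probe never gets an answer, and the SYN probe reports the same result for open and closed ports because the target's SYN/ACK is dropped before it can advance the zombie's counter.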