Nmap Development mailing list archives

Re: Idle Scanning behind stateful firewalls


From: Paul Johnston <paul () westpoint ltd uk>
Date: Fri, 26 Mar 2004 10:40:10 +0000

Glyn,

For idle scan to work, SYN ACK packets from the target host must get through to the zombie. If these don't get through then the scan won't work, regardless of what packets nmap uses to probe the ipid on the zombie.

Paul

> But, because nmap uses a SYN/ACK, its probes get dropped by any stateful
> devices (coz they aren't part of an active connection), preventing their use
> as zombies.
--
Paul Johnston
Internet Security Specialist
Westpoint Limited
Albion Wharf, 19 Albion Street,
Manchester, M1 5LN
England
Tel: +44 (0)161 237 1028
Fax: +44 (0)161 237 1031
email: paul () westpoint ltd uk
web: www.westpoint.ltd.uk
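
The point made in this message, modeled as an added example (not part of the original post and not Nmap code): a default-deny stateful filter in front of a host drops the target's SYN/ACK because no outbound SYN created state for it, so the host sends no RST and its IP ID does not move. The addresses, ports, class names and the simplified host behaviour are assumptions made for illustration.

```python
from dataclasses import dataclass

ZOMBIE, TARGET = "192.0.2.10", "198.51.100.20"  # constructed documentation addresses

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # "S" = SYN, "SA" = SYN/ACK, "R" = RST

class StatefulFilter:
    """Default-deny inbound; state is created only by SYNs the protected host sends."""
    def __init__(self, protected):
        self.protected = protected
        self.table = set()  # (local ip, local port, remote ip, remote port)

    def allow(self, p):
        if p.src == self.protected:
            if p.flags == "S":
                self.table.add((p.src, p.sport, p.dst, p.dport))
            return True
        return (p.dst, p.dport, p.src, p.sport) in self.table

class Zombie:
    """Simplified host: global IP ID counter, answers an unsolicited SYN/ACK with RST."""
    def __init__(self):
        self.ipid = 1000  # constructed starting value

    def receive_unsolicited_synack(self, p):
        self.ipid += 1  # sending the RST consumes one IP ID
        return Packet(ZOMBIE, p.dport, p.src, p.sport, "R")

def ipid_delta(filtered):
    """IP ID change on the zombie after the target answers a SYN spoofed from it."""
    zombie, fw = Zombie(), StatefulFilter(ZOMBIE)
    before = zombie.ipid
    # The spoofed SYN never passed through the zombie's filter, so no state exists.
    synack = Packet(TARGET, 80, ZOMBIE, 40000, "SA")
    if not filtered or fw.allow(synack):
        zombie.receive_unsolicited_synack(synack)
    return zombie.ipid - before

def legit_reply_allowed():
    """A SYN/ACK answering a connection the host really opened still passes."""
    fw = StatefulFilter(ZOMBIE)
    fw.allow(Packet(ZOMBIE, 40001, TARGET, 443, "S"))
    return fw.allow(Packet(TARGET, 443, ZOMBIE, 40001, "SA"))

if __name__ == "__main__":
    print(ipid_delta(False), ipid_delta(True), legit_reply_allowed())
```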


