Nmap Development mailing list archives
RE: Idle Scanning behind stateful firewalls
From: <nmap () moiler com>
Date: Fri, 26 Mar 2004 20:48:32 +1000
Hi Paul,

Yep - but if the zombie and target are behind the stateful firewall, then nmap's SYNs could get through to the target, the target's SYN/ACKs would hit the zombie and nmap's SYNs would get through the stateful firewall where SYN/ACKs wouldn't.

This one might need a picture!

Glyn Geoghegan.
-----Original Message-----
From: Paul Johnston [mailto:paul () westpoint ltd uk]
Sent: 26 March 2004 20:40
To: Glyn Geoghegan
Cc: nmap-dev () insecure org
Subject: Re: Idle Scanning behind stateful firewalls

Glyn,

For idle scan to work, SYN ACK packets from the target host must get through to the zombie. If these don't get through then the scan won't work, regardless of what packets nmap uses to probe the ipid on the zombie.

Paul

> But, because nmap uses a SYN/ACK, its probes get dropped by
> any stateful devices (coz they aren't part of an active connection),
> preventing their use as zombies.

--
Paul Johnston
Internet Security Specialist
Westpoint Limited
Albion Wharf, 19 Albion Street, Manchester, M1 5LN England
Tel: +44 (0)161 237 1028
Fax: +44 (0)161 237 1031
email: paul () westpoint ltd uk
web: www.westpoint.ltd.uk
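The packet paths discussed in this thread, as an added example that is not part of either message or of Nmap: a toy stateful filter showing which packets are forwarded when zombie and target sit behind the same firewall, and how an ingress anti-spoofing check changes that. The addresses, ports, the permit-any-SYN policy and the `anti_spoof` toggle are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed addresses: zombie and target share the protected LAN.
SCANNER, ZOMBIE, TARGET = "198.51.100.7", "10.0.0.5", "10.0.0.9"
INSIDE = {ZOMBIE, TARGET}

def crosses_firewall(src, dst):
    """A packet only reaches the firewall if exactly one end is inside."""
    return (src in INSIDE) != (dst in INSIDE)

@dataclass
class StatefulFirewall:
    anti_spoof: bool = False               # assumption: ingress source filtering
    conns: set = field(default_factory=set)

    def forward(self, src, dst, flags, ingress, sport=40000, dport=80):
        """Return True if a packet arriving on `ingress` is passed on."""
        if ingress == "outside" and self.anti_spoof and src in INSIDE:
            return False                   # inside source seen on outside interface
        flow = (src, sport, dst, dport)
        if flags == "S":                   # assumed policy: any SYN may open state
            self.conns.add(flow)
            return True
        # Anything else must belong to a tracked flow, in either direction.
        return flow in self.conns or (dst, dport, src, sport) in self.conns

def trace(anti_spoof):
    """Walk the thread's scenario and record what the firewall does."""
    fw = StatefulFirewall(anti_spoof=anti_spoof)
    return {
        "synack_probe_to_zombie": fw.forward(SCANNER, ZOMBIE, "SA", "outside"),
        "syn_probe_to_zombie": fw.forward(SCANNER, ZOMBIE, "S", "outside"),
        "zombie_reply_to_probe": fw.forward(ZOMBIE, SCANNER, "SA", "inside",
                                            sport=80, dport=40000),
        "spoofed_syn_to_target": fw.forward(ZOMBIE, TARGET, "S", "outside",
                                            sport=40001),
        # The target's SYN/ACK to the zombie stays on the LAN.
        "target_synack_crosses_fw": crosses_firewall(TARGET, ZOMBIE),
    }

if __name__ == "__main__":
    for setting in (False, True):
        print("anti_spoof =", setting, trace(setting))
```

With `anti_spoof=True` the spoofed SYN is the only result that changes, which is the control a defender can verify at the perimeter.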