Nmap Development mailing list archives
Dise- Distributed Idle Scanning Engine
From: ri0t <ri0t () ri0tnet net>
Date: Fri, 5 May 2006 14:27:37 +0000
After reading Fyodor's paper on idle scans, I began thinking of a situation in which an attacker could further cloak themselves by utilizing a list of multiple zombies from all over the internet and scanning one port at a time from each zombie, effectively making the scans come from everywhere. Being that doing this by hand would be very tedious, some scripting would obviously be needed; this brought about the idea of a Distributed Idle Scanning Engine.

Dise, the Distributed Idle Scanning Engine, was written to both make the process of idle scanning more clandestine and at the same time make the act of finding suitable zombies more user friendly. Dise is simply a wrapper program written in Perl that utilizes nmap's idle scanning capability and marries this with hping2's ability to create raw packets, to allow the user to both scan large IP ranges for suitable zombies and then use those found zombie hosts to idle scan a target in a distributed fashion.

I am submitting this to the nmap-dev list because I found the topic very interesting while working on this tool, and thought that since it uses nmap somebody else may also find it interesting and take this topic in a direction not previously considered by the authors, ferralis () mummersguild com and ri0t () ri0tnet net.

Dise can be downloaded from the following link: http://www.ri0tnet.net/dise-00.02.12b.tar.gz

All credit should go to the creators and maintainers of both nmap and hping; without their code none of my stuff would work :)

thanks guys
ri0t

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev