Nmap Development mailing list archives

Dise- Distributed Idle Scanning Engine


From: ri0t <ri0t () ri0tnet net>
Date: Fri, 5 May 2006 14:27:37 +0000

After reading Fyodor's paper on idle scans I began thinking of a situation in 
which an attacker could further cloak themselves by utilizing a list of 
multiple zombies from all over the internet and scanning one port at a time 
from each zombie, effectively making the scans come from everywhere.  Being 
that doing this by hand would be very tedious, some scripting would obviously 
be needed; this brought about the idea of a Distributed Idle Scanning Engine.

Dise- The Distributed Idle Scanning Engine was written to make the process of 
idle scanning both more clandestine and at the same time make the act of 
finding suitable zombies more user friendly.  Dise is simply a wrapper 
program written in Perl that utilizes nmap's idle scanning capability and 
marries this with hping2's ability to create raw packets to allow the user to 
both scan large IP ranges for suitable zombies and then use those found 
zombie hosts to idle scan a target in a distributed fashion.

I am submitting this to the nmap-dev list because I found the topic very 
interesting while working on this tool and thought since it uses nmap somebody 
else may also find it interesting and take this topic in a direction not 
previously considered by the authors ferralis () mummersguild com and 
ri0t () ri0tnet net.

Dise can be downloaded from the following link
http://www.ri0tnet.net/dise-00.02.12b.tar.gz


All credit should go to the creators and maintainers of both nmap and hping; 
without their code none of my stuff would work :) Thanks guys


ri0t


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev

