Nmap Development mailing list archives

Re: Zombie Test Flag


From: "Ron (list)" <ron () skullsecurity net>
Date: Fri, 27 Jun 2008 09:38:47 -0500

Hey James,

James Stephenson wrote:
> I had an idea for a useful feature. Please excuse if such a feature 
> already exists but I didn't see it. In short I think it would be useful 
> for there to be a flag specifically to check if a system is a likely 
> candidate to be useful as a zombie system. 

That's a cool idea for a flag, I don't think it exists right now. You 
can, however, use hping3 to do that (I shortened the lines for brevity):

bash-3.1$ sudo hping3 -S -p 135 10.100.254.141
HPING 10.100.254.141 (eth0 10.100.254.141): S set
len=46 ip=10.100.254.141 ttl=128 id=30834 ...
len=46 ip=10.100.254.141 ttl=128 id=30835 ...
len=46 ip=10.100.254.141 ttl=128 id=30839 ...
len=46 ip=10.100.254.141 ttl=128 id=30848 ...
len=46 ip=10.100.254.141 ttl=128 id=30857 ...
len=46 ip=10.100.254.141 ttl=128 id=30862 ...

Note the id column -- that'll tell you whether or not it's a likely 
candidate by whether or not it's incrementing, and if it's incrementing 
by one. I was using Terminal Services on that system while I did that 
test, to ensure it would jump by a lot.

Hope that helps!

Ron

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
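
The check described in the message above (reading the id column for small, steady increments), as an added example that is not part of the original message or of Nmap: it parses hping3 reply lines and labels the IP ID sequence. The `MAX_STEP` cut-off, the function names and the label strings are assumptions of this example.

```python
import re

# Constructed sample: the hping3 reply lines quoted in the message above.
SAMPLE = """\
HPING 10.100.254.141 (eth0 10.100.254.141): S set
len=46 ip=10.100.254.141 ttl=128 id=30834 ...
len=46 ip=10.100.254.141 ttl=128 id=30835 ...
len=46 ip=10.100.254.141 ttl=128 id=30839 ...
len=46 ip=10.100.254.141 ttl=128 id=30848 ...
len=46 ip=10.100.254.141 ttl=128 id=30857 ...
len=46 ip=10.100.254.141 ttl=128 id=30862 ...
"""

ID_RE = re.compile(r"\bid=(\d+)")
MAX_STEP = 1000  # assumed cut-off between "shared counter" and "irregular"


def ipid_deltas(text):
    """Return successive IP ID differences from hping3 reply lines."""
    ids = [int(m.group(1)) for m in ID_RE.finditer(text)]
    # The IP ID field is 16 bits wide, so differences wrap modulo 65536.
    return [(b - a) % 65536 for a, b in zip(ids, ids[1:])]


def classify(deltas):
    """Label an IP ID sequence (labels are this example's, not Nmap's)."""
    if len(deltas) < 3:
        return "insufficient data"
    if all(d == 0 for d in deltas):
        return "constant"            # e.g. ID always 0: nothing to infer
    if all(d == 1 for d in deltas):
        return "incremental, idle"   # counter moved only for our probes
    if all(0 < d <= MAX_STEP for d in deltas):
        return "incremental, busy"   # counter also advanced by other traffic
    return "not predictable"         # randomized or otherwise irregular


if __name__ == "__main__":
    d = ipid_deltas(SAMPLE)
    print(d, "->", classify(d))
```

A host with per-destination counters also shows steps of 1 from a single vantage point, so "incremental, idle" on its own does not prove a global counter. Hosts that land in either incremental class are the ones where a randomized IP ID setting is worth checking.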

