Nmap Development mailing list archives
Re: Zombie Test Flag
From: "Ron (list)" <ron () skullsecurity net>
Date: Fri, 27 Jun 2008 09:38:47 -0500
Hey James, James Stephenson wrote:
I had an idea for a useful feature. Please excuse if such a feature already exists but I didn't see it. In short I think it would be useful for there to be a flag specifically to check if a system is a likely candidate to be useful as a zombie system.
That's a cool idea for a flag, I don't think it exists right now. You can, however, use hping3 to do that (I shortened the lines for brevity): bash-3.1$ sudo hping3 -S -p 135 10.100.254.141 HPING 10.100.254.141 (eth0 10.100.254.141): S set len=46 ip=10.100.254.141 ttl=128 id=30834 ... len=46 ip=10.100.254.141 ttl=128 id=30835 ... len=46 ip=10.100.254.141 ttl=128 id=30839 ... len=46 ip=10.100.254.141 ttl=128 id=30848 ... len=46 ip=10.100.254.141 ttl=128 id=30857 ... len=46 ip=10.100.254.141 ttl=128 id=30862 ... Note the id column -- that'll tell you whether or not it's a likely candidate by whether or not it's incrementing, and if it's incrementing by one. I was using Terminal Services on that system while I did that test, to ensure it woudl jump by a lot. Hope that helps! Ron _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- Zombie Test Flag James Stephenson (Jun 26)
- Re: Zombie Test Flag Ron (list) (Jun 27)