Nmap Development mailing list archives
Re: Idea for getting alot decoys
From: Duarte Silva <duartejcsilva () gmail com>
Date: Fri, 23 Jan 2009 02:06:23 +0000
On Fri, 2009-01-23 at 00:57 +0000, Brandon Enright wrote:
> On Thu, 22 Jan 2009 23:03:50 +0000 or thereabouts Duarte Silva <duartejcsilva () gmail com> wrote:
>
> > Hi, I was using nmap against *some* server, and the firewall didn't allow much. It is actually a well tidied up server. To try to get a little more out of it I tried to use decoys. That's when I had an idea: why don't we use torrents to get online and valid hosts as decoys? It's possible to implement a minimal *client* that would announce us with a certain torrent to the torrent tracker and get the peers' IPs for us to use. Some torrents get up to thousands of peers, and that's a big pool of IPs to choose from. This would be represented by a command line option in nmap like "-tD <input torrent>". What do y'all think?
> >
> > Best regards, Duarte Silva
> >
> > PS: I had this idea on top of my head just now, didn't study the BitTorrent protocol yet to check the possibility of this. Oh, forgot to say hi! My first post :P
>
> Hi Duarte, thanks for contributing to the list!
>
> If I'm following your email right, the goal of your suggestion isn't to exploit some property of the BitTorrent protocol to scan hosts, but just to find real, live hosts on the Internet. The idea being that using live hosts as decoys is better than hosts not online.
>
> If that is the case, there isn't really anything special about BitTorrent that makes it well-suited for finding live hosts. You could use DNS to find lots of live IPs, the list of Tor exit nodes, pretty much any list of IPs that are presumably online will do. There are just so many ways to generate such a list. You could even gather the list of IPs passively: just run Wireshark/tcpdump on your Internet-facing interface (non RFC 1918) and wait for hosts to scan *you*. Depending on how much your ISP filters, this might be a lot of hosts, really quick.
>
> Brandon
Hi Brandon,

Yes, that's the general idea. But for instance, to get a *decoy* list with nmap you will have to use the -iR option (I might be mistaken, if so correct me please). And then get those IPs and use them in another command where you actually would do the scan. This way you wouldn't have to worry about getting the list first, because nmap would do it for you.

I read the BitTorrent tracker announce protocol, and the tracker will send the peer IP list and port to you right away, as soon as you announce yourself to the tracker. That's fairly fast and simple, the process at least. It's just a way of nmap doing better work and doing it for you. I chose BitTorrent because it seemed the one that is packed with more diversity in terms of IPs.

You could also use the port from each peer as a source port in the spoofed packet, that way it could seem more consistent (as I come to think about it, it doesn't make much difference since that port is for receiving connections and not making them lol). But anyway, it will do some work for you.

Best regards, Duarte Silva
Attachment:
signature.asc
Description: This is a digitally signed message part
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://SecLists.Org
Current thread:
- [PATCH] WinPcap Windows 7 Support Rob Nicholls (Jan 22)
- Re: [PATCH] WinPcap Windows 7 Support Fyodor (Jan 22)
- Idea for getting alot decoys Duarte Silva (Jan 22)
- Re: Idea for getting alot decoys Brandon Enright (Jan 22)
- Re: Idea for getting alot decoys Duarte Silva (Jan 22)
- Idea for getting alot decoys Duarte Silva (Jan 22)
- Re: [PATCH] WinPcap Windows 7 Support Fyodor (Jan 22)