Penetration Testing mailing list archives
RE: Blind IP spoofing portscan tool?
From: "thomas olofsson" <thomas.olofsson () defcom com>
Date: Mon, 18 Jun 2001 14:28:14 -0700
Basically the tool that I am going to present is based on Antirez's ideas. But I have developed a tool that is usable in the real world by adding packet round trip calculations (to optimize speed) and doing multiple retries on positives (to minimize false positives).

The reason for my presentation is that this technique is very efficient, especially in fooling IDS systems, and there has until now been very little fuss about this technique. So I just wanted to demonstrate the technique to the broad public. My talk will focus mostly on the basic technique and how I got around all the false positives.

I work quite a lot with IDS monitoring and I have seen this technique used in the wild on several occasions. So at least some black hat hackers already have tools like this, so I thought it was time to share a tool with open source to the security community.

The tool is written under Windows 2000. The reason for this is that I wanted to learn their raw socket implementation and the fact that more and more people are using 2k as their prime pen testing platform. I am right now working with ifdefs to get it to compile under Linux.

The tool will be released on the first day of BH. I will post the URL here when it is released.

I haven't had a chance to look at Filipe's tool yet as I can't seem to download it.

----- Original Message -----
From: "Filipe Almeida" <filipe () ist utl pt>
To: <netw3 () netw3 com>; <pen-test () securityfocus com>
Sent: Friday, June 15, 2001 4:31 AM
Subject: RE: Blind IP spoofing portscan tool?
An interesting article on this: http://www.sans.org/infosecFAQ/intrusion/spoof.htm

My post to bugtraq: http://www.securityfocus.com/templates/archive.pike?list=1&mid=37272

And Antirez's post: http://www.securityfocus.com/templates/archive.pike?list=1&mid=11581

--
Filipe Almeida <filipe () rnl ist utl pt>
Aka LiquidK

-----Original Message-----
From: netw3 () netw3 com [mailto:netw3 () netw3 com]
Sent: Wednesday, 13 June 2001 22:05
To: pen-test () securityfocus com
Subject: Blind IP spoofing portscan tool?

In the mailing for the Black Hat briefings, there is mention of a "blind IP spoofing portscan tool" or something along those lines. I'm curious about this tool: what is its name and what is the mechanism by which it works? I'd guess that it's something involving other elements of the IP stack, or some tool that uses a 3rd party system to check IP IDs, sequence numbers, ICMP responses or something along those lines. I'd be interested to know more information; please share if you have this knowledge.

PS - I'm moving to Chicago soon and looking for a good security job, anyone got any leads?

Curt Wilson
netw3 () netw3 com