Penetration Testing mailing list archives
Re: Rookie question about differences between -S and -sI option
From: Martin Mačok <martin.macok () underground cz>
Date: Fri, 17 Feb 2006 08:55:01 +0100
On Wed, Feb 15, 2006 at 12:40:45PM +0000, Mark Fosseth wrote:
I know a bit Idle scan but I still have to find a good zombie,meanwhile I did that :
Can you spoof any IP from your network connection? You should check this first... most gateways/ISPs today doesn't allow unlimited spoofing.
then I tried to spoof my ip scanning the same target like that : nmap -vv -P0 -T4 -S xxx.xxx.xxx.xxx ( spoofed ) -e eth0 xxx.xxx.xxx.50 ( same target as simple scan ) but I obtained every port closed even if nmap scanned clearly the same target as the original trivial scan against xxx.xxx.xxx.50.
Maybe you used connect scan instead of SYN scan here? You can't spoof with the connect scan... Use -sS and use --packet_trace to see what is happening. Check out if your gateway/ISP doesn't drop spoofed packets (in most cases, it does). And generally, by spoofing IP you throw out the results because the scanner doesn't see the replies to his probes. (Are you sure you know what you are really doing? It seems to me that you are not, but I could be mistaken... Sorry if I'm wrong.) Martin Mačok ICT Security Consultant ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Rookie question about differences between -S and -sI option Mark Fosseth (Feb 13)
- Re: Rookie question about differences between -S and -sI option Marius Huse Jacobsen (Feb 13)
- Re: Rookie question about differences between -S and -sI option Tim (Feb 13)
- Message not available
- Re: Rookie question about differences between -S and -sI option Tim (Feb 15)
- Re: Rookie question about differences between -S and -sI option Mark Fosseth (Feb 16)
- Re: Rookie question about differences between -S and -sI option Martin Mačok (Feb 17)
- Message not available