Penetration Testing mailing list archives
Re: IPS Testing
From: "José M. Palazón Romero" <josem.palazon () gmail com>
Date: Mon, 14 Jan 2008 21:30:26 +0000
Hi, I am doing a PT for a customer and found that after running nessus against the target our IP is getting blocked permanently. I want to show this issue to the customer. 1. Is there any specific tool that can generate nessus traffic by spoofing IPs? 2. Is there any tool that can change IP on the fly? While running nessus that should change source IP? The server have only port 80 Open. Thank you. Regards. PenTestr.
You can spoof your IP, and your client would be anonymously attacked, but you wouldn't have any results from nessus. You should be the one behind the faked IP to get the answers from the server, but keep in mind that if you fake to a single IP, that will be blocked too.
I would suggest to restart your attack (from another IP if you are really permanently blocked) configuring nessus (or any other scanner you are planning to use) to spaciate in time your probes. Spaciate them a lot, minutes, you are not suppose to be in any hurry, so just let the scanner gently do its job and gather the results 24 or 48 hours later.
BTW, if you are concluding that the only open port is 80 based on your scans, consider that you are being blocked after the first few tries, so in case that there are more open ports, you wouldn't know it.
BTW 2, at least you already have one thing for your report, your client is vulnerable to a total DoS via a simple decoy scan.
Regards Jose ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- Re: IPS Testing, (continued)
- Re: IPS Testing pentestr (Jan 08)
- AW: IPS Testing Jörg Weber (Jan 09)
- Re: IPS Testing Mark Teicher (Jan 09)
- Re: IPS Testing feel2chat (Jan 09)
- Re: IPS Testing pentestr (Jan 08)
- Re: IPS Testing Alexander Klimov (Jan 08)
- Re: IPS Testing Joseph McCray (Jan 08)
- Re: IPS Testing pentestr (Jan 08)
- Re: IPS Testing Daniel Clemens (Jan 15)
- Re: IPS Testing pentestr (Jan 08)
- RE: IPS Testing Maxime Ducharme (Jan 09)
- Re: IPS Testing Mike Gibson (Jan 14)
- Re: IPS Testing José M. Palazón Romero (Jan 15)
- Re: IPS Testing Clone (Jan 22)
- Re: IPS Testing Mike Gibson (Jan 14)
- RE: IPS Testing Jeremiah Brott (Jan 07)
- RE: IPS Testing Clone (Jan 09)