Vulnerability Development mailing list archives
Re: Firewall bypassing tool
From: Fyodor <fyodor () insecure org>
Date: Mon, 4 Nov 2002 10:07:44 -0800
On Sun, Nov 03, 2002 at 05:02:49PM -0600, Frank Knobbe wrote:
> On Fri, 2002-11-01 at 13:38, Michael Katz wrote:
> > At 11/1/2002 03:28 AM, d_fence wrote:
> >
> > One of the options for scanning is -sF, which will send SYN-FIN packets.
> > You can also use -sA, which will send SYN-ACK packets.
>
> I was about to post the same, but thought I validate first. To me it
> seemed that nmap sends a packet with the FIN flag set. I did not see the
> SYN flag set in addition to FIN, so nmap is not an answer to his question.
Nmap has an undocumented --scanflags option which allows you to specify
arbitrary flags using the flag names or a number. Thus a SYN-FIN scan
can be done as follows:

felix~#nmap -sS --scanflags SYNFIN -O db

Starting nmap V. 3.10ALPHA3 ( www.insecure.org/nmap/ )
Interesting ports on db.yuma.net (192.168.0.4):
(The 1601 ports scanned but not shown below are in state: closed)
Port       State       Service
22/tcp     open        ssh
111/tcp    open        sunrpc
1024/tcp   open        kdm
Remote operating system guess: Linux Kernel 2.4.0 - 2.5.20
Uptime 58.471 days (since Fri Sep 6 23:45:12 2002)

Nmap run completed -- 1 IP address (1 host up) scanned in 10.651 seconds

Note that "-sS" causes this scan to use "SYN Scan" semantics (eg
treating SYN|ACK responses as open ports). For FIN scan semantics
(dropped packets signify open ports, RST for closed ones) just specify
"-sF" instead.

Cheers,
Fyodor
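
Added example (not part of the post above and not Nmap code): a defender-side check for the flag combinations discussed in this thread. It reads the TCP flag bits from raw IPv4 packets and labels SYN+FIN and other combinations that do not occur in ordinary TCP connections; the packets are constructed samples, and the function names and the source address 192.168.0.9 are assumptions.

```python
import struct

# TCP flag bits, as in the low six bits of byte 13 of the TCP header
FLAGS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04, "PSH": 0x08, "ACK": 0x10, "URG": 0x20}

def tcp_flags(packet: bytes) -> int:
    """Return the TCP flag bits of a raw IPv4 packet; ValueError if not TCP."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4          # IP header length in bytes
    if ihl < 20 or packet[9] != 6 or len(packet) < ihl + 14:
        raise ValueError("not TCP, or truncated")
    return packet[ihl + 13] & 0x3F

def flag_names(flags: int) -> list:
    return [name for name, bit in FLAGS.items() if flags & bit]

def classify(flags: int) -> str:
    """Label flag combinations that do not occur in ordinary TCP connections."""
    if flags & FLAGS["SYN"] and flags & FLAGS["FIN"]:
        return "anomalous: SYN+FIN"
    if flags & FLAGS["SYN"] and flags & FLAGS["RST"]:
        return "anomalous: SYN+RST"
    if flags == 0:
        return "anomalous: no flags"
    if flags & FLAGS["FIN"] and not flags & FLAGS["ACK"]:
        return "anomalous: FIN without ACK"
    return "normal"

def is_connection_attempt(flags: int) -> bool:
    """Test SYN and ACK with a mask, so extra bits such as FIN cannot hide
    a connection attempt from an exact-match comparison against SYN."""
    return (flags & (FLAGS["SYN"] | FLAGS["ACK"])) == FLAGS["SYN"]

def build_packet(flags: int, dport: int = 22) -> bytes:
    """Constructed sample: minimal IPv4+TCP headers, checksums left at zero."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes([192, 168, 0, 9]), bytes([192, 168, 0, 4]))
    tcp = struct.pack("!HHIIBBHHH", 40000, dport, 0, 0, 5 << 4, flags, 1024, 0, 0)
    return ip + tcp

def scan(packets):
    """Return (flag names, verdict, is_connection_attempt) for each packet."""
    return [(flag_names(f), classify(f), is_connection_attempt(f))
            for f in map(tcp_flags, packets)]

if __name__ == "__main__":
    for row in scan(build_packet(f) for f in (0x02, 0x12, 0x03, 0x01)):
        print(row)
```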