Re: working with nemesis

["Peter Van Eeckhoutte" <peter.ve () telenet be>]

maybe checkpoint is using it's implied rules to block icmp - which you
wouldn't see if you don't turn on the logging

Just guessing

----- Original Message ----- 
From: "Bhaarath Venkateswaran" <bhaarath.venkateswaran () lucidsecurity com>
To: <security-basics () securityfocus com>
Sent: Friday, August 06, 2004 3:57 PM
Subject: working with nemesis


> hello everybody,
>         i am pretty new working on the packet crafting tool  nemesis.
> though i have efficiently used hping before , i thought nemesis is far
> more interesting than hping and hence started to play around with it,
> but iam still not able to observe the injected packet on my target using
> tcpdump, when the packet injection is successfull.
>
> i have no problem in understanding the options  for all  the protocols
> fields and i even simulate and get the output for
> some of the options and results that i got used using the tool are
>
> C:\tools\>nemesis.exe icmp -v -i 13 -S 10.125.125.125  -D
> 10.110.110.110  -G 10.107.107.127 -qT
>
> ICMP Packet Injection -=- The NEMESIS Project Version 1.4beta3 (Build 22)
>
>               [IP] 10.125.125.125 > 10.110.110.110
>            [IP ID] 65286
>         [IP Proto] ICMP (1)
>           [IP TTL] 255
>           [IP TOS] 00
>   [IP Frag offset] 0000
>    [IP Frag flags]
>
>        [ICMP Type] Timestamp Request
>        [ICMP Code] Timestamp Request
>          [ICMP ID] 27402
>  [ICMP Seq number] 4459
>
> Wrote 40 byte ICMP packet.
>
> ICMP Packet Injected
>
> now , i have successfully used it to get results for tcp and udp , but
> when i try to see the packet injected using tcpdump on my target which i
> attacked iam not able to see anything reaching the target , but the
> results i get show  that the packet has been successfully injected.
>
> Am i missing something here?  enlighten me guys.
> how can i know for certain that the target is attacked without seeing
> the packet getting thru to the target.
>
> i do have an checkpoint firewall infront of the target. i do not see the
> packet in the firewall logs also.
>
> thanking you for the same
> bhaarath.v
>
> --------------------------------------------------------------------------
-
> Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
> any course! All of our class sizes are guaranteed to be 10 students or
less
> to facilitate one-on-one interaction with one of our expert instructors.
> Attend a course taught by an expert instructor with years of in-the-field
> pen testing experience in our state of the art hacking lab. Master the
skills
> of an Ethical Hacker to better assess the security of your organization.
> Visit us at:
> http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> --------------------------------------------------------------------------
--
>



---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off 
any course! All of our class sizes are guaranteed to be 10 students or less 
to facilitate one-on-one interaction with one of our expert instructors. 
Attend a course taught by an expert instructor with years of in-the-field 
pen testing experience in our state of the art hacking lab. Master the skills 
of an Ethical Hacker to better assess the security of your organization. 
Visit us at: 
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------