Security Basics mailing list archives
Re: IPID sequencability class is: All zeros (Nmap Idle Scan with zombiehost)
From: Javier Barrio <coder () fluzo org>
Date: Sun, 9 Dec 2007 11:22:07 +0100
On Sat, 8 Dec 2007 22:54:17 +0000, infolookup () gmail com wrote:
> Not to pretend to be gay but I think you are better off going to the author's website www.insecure.org, there is also a mailing list just for the app.
Hi,

As stated on the Nmap Idle Scan documentation:

"The first step is to find an appropriate zombie host. The host should not have much traffic (hence the name Idle Scan) and should offer predictable IPID values. Printers, Windows boxes, older Linux hosts, FreeBSD, and Mac OS boxes generally work fine. The latest versions of Linux, Solaris, and OpenBSD are immune as zombies, but any host can be a target of the scan. One way to determine host vulnerability is to simply try an Nmap Idle scan. Nmap will test the zombie and report whether it is reliable."

So I assume Nmap is saying to you that the zombie chosen is protected against an idle scan which, almost ten years after the technique was released, seems to be finally patched on Windows. Yeah!

Cheers.

--
echo "dpefsAgmv{p/psh" | perl -pe 's/(.)/chr(ord($1)-1)/ge'
GnuPG key ID 0x6D2FF8B5 @ pgp.rediris.es
http://www.fluzo.org/
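Added example, not part of the original post and not Nmap's own code: a small classifier that takes IP ID values sampled from successive replies of a host you administer and tells you whether the sequence is predictable (the property the quoted documentation asks of a zombie) or falls into a class such as "all zeros". The class names, the `max_step` threshold and the sample values are assumptions constructed for this illustration.

```python
"""Classify IPv4 ID behaviour from sampled values (constructed illustration).

Class names and thresholds are assumptions of this example,
not Nmap's internal algorithm.
"""

def byteswap16(value):
    # Some stacks emit the counter in host byte order; undo that swap.
    return ((value & 0xFF) << 8) | (value >> 8)

def diffs(samples):
    # Differences modulo 2**16 so a counter wrap-around is not misread.
    return [(b - a) & 0xFFFF for a, b in zip(samples, samples[1:])]

def classify_ipid(samples, max_step=10):
    """Return a label for the sequence of 16-bit IP ID samples."""
    if len(samples) < 3:
        raise ValueError("need at least 3 samples")
    if all(s == 0 for s in samples):
        return "all-zeros"          # ID field carries no counter at all
    if len(set(samples)) == 1:
        return "constant"
    if all(1 <= d <= max_step for d in diffs(samples)):
        return "incremental"        # global counter, small steps
    swapped = [byteswap16(s) for s in samples]
    if all(1 <= d <= max_step for d in diffs(swapped)):
        return "incremental-byteswapped"
    return "randomized"

def is_predictable(samples):
    # Only the incremental classes expose the host's packet counter.
    return classify_ipid(samples).startswith("incremental")

# Constructed sample series, one per class.
SAMPLES = {
    "all-zeros": [0, 0, 0, 0, 0, 0],
    "incremental": [65533, 65534, 65535, 0, 1, 2],
    "incremental-byteswapped": [0xFE00, 0xFF00, 0x0001, 0x0101],
    "randomized": [41873, 1204, 60011, 233, 29950],
}

if __name__ == "__main__":
    for name, series in SAMPLES.items():
        print(f"{name:26} -> {classify_ipid(series):26} "
              f"predictable={is_predictable(series)}")
```

A host that classifies as "all-zeros" or "randomized" here matches the outcome described in the reply above: its IP ID field gives an outside observer nothing to count.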
Current thread:
- IPID sequencability class is: All zeros (Nmap Idle Scan with zombie host) Simon Jolle "sjolle" (Dec 08)
- Re: IPID sequencability class is: All zeros (Nmap Idle Scan with zombiehost) infolookup (Dec 08)
- Re: IPID sequencability class is: All zeros (Nmap Idle Scan with zombiehost) Simon Jolle "sjolle" (Dec 08)
- Re: IPID sequencability class is: All zeros (Nmap Idle Scan with zombiehost) Javier Barrio (Dec 10)
- Re: IPID sequencability class is: All zeros (Nmap Idle Scan with zombiehost) infolookup (Dec 10)
- Re: IPID sequencability class is: All zeros (Nmap Idle Scan with zombiehost) infolookup (Dec 08)