Security Basics mailing list archives

Re: IPID sequencability class is: All zeros (Nmap Idle Scan with zombiehost)


From: Javier Barrio <coder () fluzo org>
Date: Sun, 9 Dec 2007 11:22:07 +0100


On Sat, 8 Dec 2007 22:54:17 +0000, infolookup () gmail com wrote:
Not to pretend to be gay but I think you are better off going to the author's
website www.insecure.org, there is also a mailing list just for the app.

Hi,

As stated in the Nmap Idle Scan documentation:

"The first step is to find an appropriate zombie host. The host should not have much traffic (hence the name Idle Scan) 
and should offer predictable IPID values. Printers, Windows boxes, older Linux hosts, FreeBSD, and Mac OS boxes 
generally work fine. The latest versions of Linux, Solaris, and OpenBSD are immune as zombies, but any host can be a 
target of the scan. One way to determine host vulnerability is to simply try an Nmap Idle scan. Nmap will test the 
zombie and report whether it is reliable."

So I assume Nmap is saying to you that the zombie chosen is protected against an idle scan which, almost ten years after the technique was released, seems to be finally patched on Windows. Yeah!

Cheers.

--
echo "dpefsAgmv{p/psh" | perl -pe 's/(.)/chr(ord($1)-1)/ge'
GnuPG key ID 0x6D2FF8B5 @ pgp.rediris.es
http://www.fluzo.org/
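
An added example, not part of the original post and not Nmap's own code: a simplified classifier showing why an "All zeros" result means the host's IP ID field reveals nothing about its traffic. The class names are modeled on Nmap's report wording; `MAX_STEP`, the function names and all sample values are assumptions made for this illustration.

```python
# Added example: simplified IP ID sequence classifier (not Nmap's implementation).
# Class names are modeled on Nmap's report wording; MAX_STEP is an assumed threshold.
MAX_STEP = 10  # assumption: an idle host adds fewer than 10 IDs between probes


def _small_steps(values):
    # Differences are taken modulo 2**16 so counter wrap-around is handled.
    deltas = [(b - a) % 65536 for a, b in zip(values, values[1:])]
    return all(1 <= d < MAX_STEP for d in deltas)


def classify_ipid(samples):
    """Classify 16-bit IP ID values seen in successive replies from one host."""
    if len(samples) < 3:
        return "Unknown"
    if all(s == 0 for s in samples):
        return "All zeros"
    if len(set(samples)) == 1:
        return "Constant"
    if _small_steps(samples):
        return "Incremental"
    # Some stacks increment the counter without converting to network byte order.
    swapped = [((s & 0xFF) << 8) | (s >> 8) for s in samples]
    if _small_steps(swapped):
        return "Broken little-endian incremental"
    return "Randomized"


def leaks_traffic_volume(ipid_class):
    """True when the ID counter reveals how many packets the host has sent."""
    return ipid_class in ("Incremental", "Broken little-endian incremental")


# Constructed sample values, not captured from any real host.
SAMPLES = {
    "old idle host": [4021, 4022, 4023, 4024, 4025],
    "counter wrap": [65534, 65535, 0, 1, 2],
    "byte-swapped counter": [256, 512, 768, 1024],
    "modern stack": [0, 0, 0, 0, 0],
    "randomized": [51234, 1200, 33011, 9, 60000],
}

if __name__ == "__main__":
    for name, ids in SAMPLES.items():
        cls = classify_ipid(ids)
        print(f"{name:22} {cls:34} leaks={leaks_traffic_volume(cls)}")
```

Only the two incremental classes expose a global counter; a host that answers with all-zero or randomized IDs gives an observer no packet count to read.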

