Nmap Development mailing list archives
Idle scan and predictible ip id
From: Paul Johnston <paul () westpoint ltd uk>
Date: Wed, 03 Dec 2003 11:02:16 +0000
Hi, I'm auditing a host that has incremental ip ids. However, I am unable to use it as a zombie for an idle scan "cannot be used because it has not returned any of our probes". This box does have one open port, but it only shows up with connect/syn scan - ack scan shows everything filtered. I guess this means it's protected by some kind of stateful firewall, and this completely scuppers idle scan. My question is: does this firewall mitigate all the risks associated with predictible ip ids? Thanks, Paul -- Paul Johnston Internet Security Specialist Westpoint Limited Albion Wharf, 19 Albion Street, Manchester, M1 5LN England Tel: +44 (0)161 237 1028 Fax: +44 (0)161 237 1031 email: paul () westpoint ltd uk web: www.westpoint.ltd.uk ---------------------------------------------------------------------For help using this (nmap-dev) mailing list, send a blank email to nmap-dev-help () insecure org . List archive: http://seclists.org
Current thread:
- Idle scan and predictible ip id Paul Johnston (Dec 03)
- Re: Idle scan and predictible ip id uzy (Dec 03)