Nmap Development mailing list archives

Idle scan


From: Pablo Fernández <newsclient () teamq info>
Date: Thu, 19 May 2005 18:46:21 +0200

Hi

First of all, I don't know if this is the correct list to post this type
of question; if it isn't, I absolutely apologize and hope you can point me
to the right list.

The thing I want to know is whether Idle scans are still possible on a
normal basis. I have been trying on my LAN and all I get is:

codeQ:/home/pablo# nmap -sI 192.168.5.10 192.168.5.1 -P0 -vv

Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2005-05-19 18:42
CEST
Idlescan using zombie 192.168.5.10 (192.168.5.10:80); Class: Incremental
Even though your Zombie (192.168.5.10; 192.168.5.10) appears to be
vulnerable to IPID sequence prediction (class: Incremental), our
attempts have failed.  This generally means that either the Zombie uses
a separate IPID base for each host (like Solaris), or because you cannot
spoof IP packets (perhaps your ISP has enabled egress filtering to
prevent IP spoofing), or maybe the target network recognizes the packet
source as bogus and drops them
QUITTING!

BTW: .10 is a linux 2.6.11-7 kernel and .1 is a linux 2.4.30.

I have also been randomly trying on -iR dropped IPs and all I get are "All
zero" and "randomized" responses.

I read Fyodor's comment on insecure.org and I thought perhaps this was
an already fixed issue in most vendors.

Could someone please let me know if I just had bad luck or this type of
scan is obsolete?

Thanks very much,
Pablo



