Nmap Development mailing list archives
Idle scan
From: Pablo Fernández <newsclient () teamq info>
Date: Thu, 19 May 2005 18:46:21 +0200
Hi,

First of all, I don't know if this is the correct list to post this type of question; if it isn't, I absolutely apologize and hope you can point me to the right list.

The thing I want to know is if idle scans are still possible on a normal basis. I've been trying on my LAN and all I get is:

codeQ:/home/pablo# nmap -sI 192.168.5.10 192.168.5.1 -P0 -vv

Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2005-05-19 18:42 CEST
Idlescan using zombie 192.168.5.10 (192.168.5.10:80); Class: Incremental
Even though your Zombie (192.168.5.10; 192.168.5.10) appears to be vulnerable to IPID sequence prediction (class: Incremental), our attempts have failed. This generally means that either the Zombie uses a separate IPID base for each host (like Solaris), or because you cannot spoof IP packets (perhaps your ISP has enabled egress filtering to prevent IP spoofing), or maybe the target network recognizes the packet source as bogus and drops them
QUITTING!

BTW: .10 is a Linux 2.6.11-7 kernel and .1 is a Linux 2.4.30.

I've also been randomly trying on -iR dropped IPs and all I get are "All zero" and "randomized" responses. I read Fyodor's comment on insecure.org and I thought perhaps this was an already fixed issue in most vendors.

Could someone please let me know if I just had bad luck or this type of scan is obsolete?

Thanks very much,
Pablo

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
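The first cause named in the nmap output above (a separate IPID base for each host) can be seen in a toy model; this is an added illustration, not part of the original post and not nmap's code. It sends no packets, and the class names, the 192.0.2.x addresses, the starting values and the `max_step` threshold are all assumptions made for the example.

```python
# Added illustration: toy model with constructed values, no packets are sent.

class GlobalCounterHost:
    """One IPID counter shared by every destination."""
    def __init__(self, start=1000):
        self.counter = start

    def send_to(self, dst):
        ipid = self.counter
        self.counter = (self.counter + 1) & 0xFFFF  # IPID is a 16-bit field
        return ipid


class PerDestinationHost:
    """A separate IPID base for each peer."""
    def __init__(self, start=1000):
        self.start = start
        self.counters = {}

    def send_to(self, dst):
        ipid = self.counters.get(dst, self.start)
        self.counters[dst] = (ipid + 1) & 0xFFFF
        return ipid


def classify(ipids, max_step=10):
    """Simplified label for one observer's IPID samples (not nmap's algorithm)."""
    if all(i == 0 for i in ipids):
        return "All zero"
    steps = [(b - a) & 0xFFFF for a, b in zip(ipids, ipids[1:])]
    if steps and all(0 < s <= max_step for s in steps):
        return "Incremental"
    return "Randomized"


def observed_delta(host, other_packets, observer="192.0.2.10", peer="192.0.2.20"):
    """IPID change seen by `observer` while `host` sends `other_packets` to `peer`."""
    before = host.send_to(observer)
    for _ in range(other_packets):
        host.send_to(peer)
    after = host.send_to(observer)
    return (after - before) & 0xFFFF


if __name__ == "__main__":
    for cls in (GlobalCounterHost, PerDestinationHost):
        host = cls()
        label = classify([host.send_to("192.0.2.10") for _ in range(6)])
        print(cls.__name__, label, [observed_delta(cls(), n) for n in (0, 1, 3)])
```

Both hosts are labelled "Incremental" from a single observer's samples, but only the shared counter lets that observer see how many packets went to another peer; with per-destination counters the delta stays at 1, which is why that design closes the side channel.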