Nmap Development mailing list archives
Re: Idea for getting alot decoys
From: Brandon Enright <bmenrigh () ucsd edu>
Date: Fri, 23 Jan 2009 00:57:20 +0000
On Thu, 22 Jan 2009 23:03:50 +0000 or thereabouts Duarte Silva <duartejcsilva () gmail com> wrote:
> Hi,
>
> I was using nmap against *some* server, and the firewall didn't allow much. It is actually a well tidied up server. To try to get a little more of it I tried to use decoys.
>
> That's when I had an idea, why don't we use torrents to get on-line and valid hosts as decoys? It's possible to implement a minimal *client* that would announce us with a certain torrent to the torrent tracker and get the peers' IPs for us to use. Some torrents get up to thousands of peers, and that's a big pool of IPs to choose from.
>
> This would be represented by a command line option in nmap like "-tD <input torrent>".
>
> What do y'all think?
>
> Best regards,
> Duarte Silva
>
> PS: I had this idea on top of my head now, didn't study the BitTorrent protocol yet, to check for the possibility of this. Oh forgot to say hi! My first post :P
Hi Duarte, thanks for contributing to the list!

If I'm following your email right, the goal of your above suggestion isn't to exploit some property of the BitTorrent protocol to scan hosts, but just a way of finding real, live hosts on the Internet. The idea being that using live hosts as decoys is better than hosts not online.

If that is the case, there isn't really anything special about BitTorrent that makes it well-suited for finding live hosts. You could use DNS to find lots of live IPs, the list of Tor exit nodes, pretty much any list of IPs that are presumably online will do. There are just so many ways to generate such a list.

You could even gather the list of IPs passively, just run Wireshark/tcpdump on your Internet-facing interface (non RFC 1918) and wait for hosts to scan *you*. Depending on how much your ISP filters, this might be a lot of hosts, really quick.

Brandon