Nmap Development mailing list archives

Re: Idea for getting a lot of decoys


From: Brandon Enright <bmenrigh () ucsd edu>
Date: Fri, 23 Jan 2009 00:57:20 +0000


On Thu, 22 Jan 2009 23:03:50 +0000 or thereabouts Duarte Silva
<duartejcsilva () gmail com> wrote:

Hi,

I was using nmap against *some* server, and the firewall didn't allow
much. It is actually a well tidied up server. To try to get a little
more out of it I tried to use decoys. That's when I had an idea: why don't
we use torrents to get online and valid hosts as decoys? It's
possible to implement a minimal *client* that would announce us with
a certain torrent to the torrent tracker and get the peers' IPs for us
to use. Some torrents get up to thousands of peers, and that's a big
pool of IPs to choose from.
This would be represented by a command line option in nmap like "-tD
<input torrent>".
What do y'all think?

Best regards,
Duarte Silva

PS: I had this idea off the top of my head just now; I haven't studied the BitTorrent
protocol yet to check whether this is possible.

Oh, forgot to say hi! My first post :P


Hi Duarte, thanks for contributing to the list!

If I'm following your email right, the goal of your suggestion
isn't to exploit some property of the BitTorrent protocol to
scan hosts, but just to have a way of finding real, live hosts on the
Internet.  The idea being that using live hosts as decoys is better
than hosts not online.

If that is the case, there isn't really anything special about
BitTorrent that makes it well-suited for finding live hosts.  You could
use DNS to find lots of live IPs, the list of Tor exit nodes, pretty
much any list of IPs that are presumably online will do.  There are
just so many ways to generate such a list.

You could even gather the list of IPs passively, just run
Wireshark/tcpdump on your Internet-facing interface (non RFC 1918) and
wait for hosts to scan *you*.  Depending on how much your ISP filters,
this might be a lot of hosts, really quick.

Brandon

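Brandon's passive approach above (watching an Internet-facing interface for hosts that probe *you*), as an added example that is not part of the original thread: a small parser over constructed tcpdump-style lines that lists external sources sending bare SYNs to the local address, skipping RFC 1918 sources as he suggests. The local IP, the sample lines and the function names are assumptions for the illustration.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# RFC 1918 ranges; Brandon's reply says to ignore these on an Internet-facing interface.
RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Matches the address part of a tcpdump IPv4 TCP line, e.g.
# "IP 203.0.113.5.44121 > 198.51.100.7.22: Flags [S], ..."
LINE_RE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)

def is_rfc1918(addr):
    """True if addr falls in one of the three RFC 1918 private ranges."""
    ip = ip_address(addr)
    return any(ip in net for net in RFC1918)

def inbound_probers(lines, local_ip):
    """Map each public source that sent a bare SYN to local_ip to the sorted
    list of destination ports it touched. Replies, non-SYN packets and
    RFC 1918 sources are skipped."""
    seen = defaultdict(set)
    for line in lines:
        m = LINE_RE.search(line)
        if not m or m["dst"] != local_ip:
            continue
        if m["flags"] != "S" or is_rfc1918(m["src"]):
            continue
        seen[m["src"]].add(int(m["dport"]))
    return {src: sorted(ports) for src, ports in seen.items()}

# Constructed tcpdump-style sample using documentation addresses; not a real capture.
SAMPLE = """\
00:00:01.000001 IP 203.0.113.5.44121 > 198.51.100.7.22: Flags [S], seq 1, win 65535, length 0
00:00:01.000002 IP 203.0.113.5.44122 > 198.51.100.7.23: Flags [S], seq 2, win 65535, length 0
00:00:01.000003 IP 192.168.1.9.51000 > 198.51.100.7.22: Flags [S], seq 3, win 65535, length 0
00:00:01.000004 IP 203.0.113.77.40000 > 198.51.100.7.445: Flags [S], seq 4, win 1024, length 0
00:00:01.000005 IP 198.51.100.7.22 > 203.0.113.5.44121: Flags [S.], seq 9, ack 2, win 65535, length 0
00:00:01.000006 IP 203.0.113.5.44123 > 198.51.100.9.80: Flags [S], seq 5, win 65535, length 0
00:00:01.000007 IP 203.0.113.5.44121 > 198.51.100.7.22: Flags [.], ack 10, win 65535, length 0
""".splitlines()

if __name__ == "__main__":
    for src, ports in inbound_probers(SAMPLE, "198.51.100.7").items():
        print(src, ports)
```

Fed real output from `tcpdump -n -l tcp` on the external interface, the same function gives a running view of who is knocking and on which ports.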

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
