Nmap Development mailing list archives

Re: Nmap NSE syn-flood


From: David Fifield <david () bamsoftware com>
Date: Tue, 13 Nov 2018 16:13:08 -0700

On Mon, Nov 12, 2018 at 12:01:32PM +0200, Noam Rathaus wrote:
> I would like to contribute the following script, syn-flood.nse
>
> I do not have much experience with NSE, so I did my best to write it according
> to the standard
>
> I would welcome feedback - in any form
>
> In summary this NSE performs a SYN flood on an open tcp port (65535 syn
> packets), and completely ignores the response

Does this require the scanner to alter its firewall rules, so that the
kernel doesn't send a RST in response to the target's SYN/ACK?

>   try(dnet:ip_open())
>   try(dnet:ip_send(tcp.buf, host))
>   --- We should receive an ACK back, which we won't respond to or care about

↑ I mean here, the NSE won't respond to the ACK, but the kernel will
respond with a RST, which will ruin the SYN flood.
_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
