Penetration Testing mailing list archives

Re: Blind IP spoofing portscan tool?


From: "Enrique A. Sanchez Montellano" <enrique.sanchez () defcom com>
Date: Fri, 15 Jun 2001 11:12:38 +0200

This info was taken from our course teacher's notes:

2 xterms:

in 1.- hping2 -S -p <port you want to check> -a <machine you are querying> <target> -i u10000
in 2.- hping2 -S -A -p <port .. is optional> <machine you are querying>

The -i option is important so you see a nice increase instead of just 1 increment; this way you can use machines with not so high traffic. If you see an increase the port is open; if you don't, maybe the port is either firewalled or closed (so you can honestly say it is not reachable anyway).

You can beat asymmetric networks this way because of the routing rules. You can also try to spoof the DMZ.

Enrique A. Sanchez Montellano
Chief Technical Officer Defcom Spain

Jose Nazario wrote:

no,

curt's looking for simple nomad's "stealth communications across networks"
talk slides and tools:

http://www.sans.org/SANS2001/techcon.htm

i know he was working on a tool, i think it may be announced at BlackHat
Vegas/2001.

____________________________
jose nazario                                                 jose () cwru edu
                     PGP: 89 B0 81 DA 5B FD 7E 00  99 C3 B2 CD 48 A0 07 80
                                       PGP key ID 0xFD37F4E5 (pgp.mit.edu)
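The two-xterm procedure in the message above, simulated end to end. This is an added example and not code from the original post or from hping2: three simulated hosts (attacker, the queried "zombie" with a single global IP ID counter, and the target) whose names, port table and traffic counts are constructed here. Stream 1 models `hping2 -S -a <zombie> -p <port> <target>`, stream 2 models `hping2 -S -A <zombie>`, and the verdict is drawn from the zombie's IP ID deltas exactly as the post describes, including the fact that closed and filtered ports look identical from the attacker's seat.

```python
"""Simulation of the two-xterm hping2 idle scan described in the post.

Added example, not code from the original message or from hping2. Host names,
the port table and the traffic counts are constructed for the example.

xterm 1 (hping2 -S -a <zombie> -p <port> <target> -i u10000) sends SYNs to the
target with the zombie's address as source.  xterm 2 (hping2 -S -A <zombie>)
sends SYN/ACKs to the zombie; each RST it gets back carries the zombie's
current IP ID.  An open target port answers the zombie with SYN/ACK, the
zombie answers that with RST and burns an IP ID; a closed port sends RST
(ignored by the zombie) and a filtered port sends nothing, so those two
cannot be told apart.
"""
from dataclasses import dataclass, field


@dataclass
class Host:
    name: str
    ip_id: int = 0                               # global, per-packet IP ID counter
    ports: dict = field(default_factory=dict)    # port -> "open" | "closed" | "filtered"
    background: int = 0                          # unrelated packets sent per interval

    def emit(self, dst: str, flags: str, **meta) -> dict:
        """Build one outgoing packet; every packet sent consumes the next IP ID."""
        self.ip_id += 1
        return {"src": self.name, "dst": dst, "flags": flags, "id": self.ip_id, **meta}

    def receive(self, pkt: dict):
        """Apply the usual TCP rules and return the reply packet, or None."""
        if pkt["flags"] == "SA":
            # An unsolicited SYN/ACK belongs to no connection: always RST.
            return self.emit(pkt["src"], "R")
        if pkt["flags"] == "S":
            state = self.ports.get(pkt["dport"], "closed")
            if state == "open":
                return self.emit(pkt["src"], "SA", sport=pkt["dport"], dport=pkt["sport"])
            if state == "closed":
                return self.emit(pkt["src"], "R")
            return None                          # filtered: dropped silently
        return None                              # RST: nothing to say


def probe_zombie(attacker: Host, zombie: Host) -> int:
    """One xterm-2 probe: SYN/ACK to the zombie, read the IP ID off its RST."""
    reply = zombie.receive(attacker.emit(zombie.name, "SA", sport=40000, dport=80))
    return reply["id"]


def spoofed_syn(zombie: Host, target: Host, port: int) -> None:
    """One xterm-1 packet: SYN to the target forged from the zombie's address.

    The forged packet never touches the attacker's own counter, and whatever
    the target sends back lands on the zombie, which may or may not answer.
    """
    forged = {"src": zombie.name, "dst": target.name, "flags": "S",
              "sport": 50000, "dport": port}
    reply = target.receive(forged)
    if reply is not None:
        zombie.receive(reply)


def ip_id_deltas(attacker, zombie, target, port, syns_per_interval, intervals):
    """Run both streams side by side; return the zombie's IP ID delta per interval."""
    last = probe_zombie(attacker, zombie)
    deltas = []
    for _ in range(intervals):
        for _ in range(zombie.background):       # traffic the zombie sends anyway
            zombie.emit("elsewhere", "A")
        for _ in range(syns_per_interval):
            spoofed_syn(zombie, target, port)
        now = probe_zombie(attacker, zombie)
        deltas.append(now - last)
        last = now
    return deltas


def idle_scan(attacker, zombie, target, port, syns_per_interval=10, intervals=3):
    """Return (baseline delta, active deltas, verdict) for one target port."""
    # Watch the zombie with xterm 1 idle first: the probe itself costs one RST (+1),
    # the rest is the zombie's own background traffic.
    baseline = ip_id_deltas(attacker, zombie, target, port, 0, 1)[0]
    active = ip_id_deltas(attacker, zombie, target, port, syns_per_interval, intervals)
    # Open: the zombie RSTs one SYN/ACK per spoofed SYN on top of the baseline.
    # Accept half the expected rise as slack for lost packets or jitter.
    rise = syns_per_interval // 2
    if all(d - baseline >= rise for d in active):
        verdict = "open"
    else:
        verdict = "closed or filtered"           # indistinguishable from here
    return baseline, active, verdict


if __name__ == "__main__":
    attacker = Host("attacker")
    zombie = Host("zombie", background=2)        # a nearly idle box, e.g. a printer
    target = Host("target", ports={22: "open", 25: "closed", 3389: "filtered"})
    for port in (22, 25, 3389):
        print(port, idle_scan(attacker, zombie, target, port))
```

With a zombie that sends two unrelated packets per interval, the baseline delta is 3 (its own traffic plus the RST to the probe); against the open port the deltas climb to 13 per interval, while the closed and filtered ports both stay at 3. That gap is the "nice up" the post refers to, and sending many spoofed SYNs per observation (the `-i u10000` rate) is what makes it stand out from a zombie that is not perfectly quiet.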