Penetration Testing mailing list archives

Re: nmap -S option

From: Peter Kosinar <goober () ksp sk>
Date: Sat, 17 Feb 2007 03:13:07 +0100 (CET)

Hello Baris,

When i use "nmap -sS targetaddress -S spoofaddress -e eth0" command,nmap does not show open ports at end of scan.

In many cases, this can be attributed to fact that in order to be able todistinguish a closed port from an open one, NMAP actually needs to see thereplies from the scanned machine... and when you use the -S with a randomaddress, the replies will be sent to that random address (if anywhere atall).

The other cases include the packets being dropped by some device on theirway to / from the scanned machine (e.g. most firewalls have no reason tolet packets coming from the internal network but claiming an outside IPthrough).


Peter

--
[Name] Peter Kosinar   [Quote] 2B | ~2B = exp(i*PI)   [ICQ] 134813278



------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

Current thread:

nmap -S option Baris Erdogan (Feb 15)
- Re: nmap -S option Cedric Blancher (Feb 17)
- Re: nmap -S option Matthew Closson (Feb 17)
- Re: nmap -S option Francois Yang (Feb 17)
- RE: nmap -S option Earl Carter (ecarter) (Feb 17)
- RE: nmap -S option Shenk, Jerry A (Feb 17)
- RE: nmap -S option Philippe Dumont (Feb 17)
- Re: nmap -S option pentest (Feb 17)
- Re: nmap -S option Tim (Feb 17)
- Re: nmap -S option Dan Catalin Vasile (Feb 17)
- Re: nmap -S option Peter Kosinar (Feb 17)
- Re: nmap -S option Manuel Arostegui (Feb 17)
- <Possible follow-ups>
- Re: nmap -S option Baris Erdogan (Feb 17)
- Re: nmap -S option bariswinston (Feb 17)