Penetration Testing mailing list archives
Re: nmap -S option
From: Peter Kosinar <goober () ksp sk>
Date: Sat, 17 Feb 2007 03:13:07 +0100 (CET)
Hello Baris,
When i use "nmap -sS targetaddress -S spoofaddress -e eth0" command, nmap does not show open ports at end of scan.
In many cases, this can be attributed to fact that in order to be able to distinguish a closed port from an open one, NMAP actually needs to see the replies from the scanned machine... and when you use the -S with a random address, the replies will be sent to that random address (if anywhere at all).
The other cases include the packets being dropped by some device on their way to / from the scanned machine (e.g. most firewalls have no reason to let packets coming from the internal network but claiming an outside IP through).
Peter -- [Name] Peter Kosinar [Quote] 2B | ~2B = exp(i*PI) [ICQ] 134813278 ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
Current thread:
- nmap -S option Baris Erdogan (Feb 15)
- Re: nmap -S option Cedric Blancher (Feb 17)
- Re: nmap -S option Matthew Closson (Feb 17)
- Re: nmap -S option Francois Yang (Feb 17)
- RE: nmap -S option Earl Carter (ecarter) (Feb 17)
- RE: nmap -S option Shenk, Jerry A (Feb 17)
- RE: nmap -S option Philippe Dumont (Feb 17)
- Re: nmap -S option pentest (Feb 17)
- Re: nmap -S option Tim (Feb 17)
- Re: nmap -S option Dan Catalin Vasile (Feb 17)
- Re: nmap -S option Peter Kosinar (Feb 17)
- Re: nmap -S option Manuel Arostegui (Feb 17)
- <Possible follow-ups>
- Re: nmap -S option Baris Erdogan (Feb 17)
- Re: nmap -S option bariswinston (Feb 17)