Penetration Testing mailing list archives
Re: IPS Testing
From: Daniel Clemens <daniel.clemens () packetninjas net>
Date: Mon, 14 Jan 2008 16:23:30 -0600
On Thu, 2008-01-03 at 14:26 +0530, pentestr wrote:Hi,I am doing a PT for a customer and found that after running nessus against the target our IP is getting blocked permanently. I want to show this issue to the customer. 1. Is there any specific tool that can generate nessus traffic by spoofing IPs? 2. Is there any tool that can change IP on the fly? While running nessus that should change source IP?
You can spoof your ip with Nmap, or even unicornscan.The problem is you will basically be spoofing the initial SYN request , assuming your upstream provider doesn't do ingress/egress filtering.
I want to confirm this issue of the IPS. If the IPS is blocking traffic then by spoofing other IP I can block service to them and It will become a CRITICAL issue because an attacker can spoof IP ranges and it could lead to DOS.
If your trying to prove this point you may want to spoof traffic coming from all the DNS root servers or traffic coming from 127.0.0.1 and the upstream routers of your client's subnet.
-Daniel Clemens ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- IPS Testing pentestr (Jan 03)
- Re: IPS Testing Joshua Gimer (Jan 07)
- Re: IPS Testing pentestr (Jan 08)
- AW: IPS Testing Jörg Weber (Jan 09)
- Re: IPS Testing Mark Teicher (Jan 09)
- Re: IPS Testing feel2chat (Jan 09)
- Re: IPS Testing pentestr (Jan 08)
- Re: IPS Testing Alexander Klimov (Jan 08)
- Re: IPS Testing Joseph McCray (Jan 08)
- Re: IPS Testing pentestr (Jan 08)
- Re: IPS Testing Daniel Clemens (Jan 15)
- Re: IPS Testing pentestr (Jan 08)
- RE: IPS Testing Maxime Ducharme (Jan 09)
- Re: IPS Testing Mike Gibson (Jan 14)
- Re: IPS Testing José M. Palazón Romero (Jan 15)
- Re: IPS Testing Clone (Jan 22)
- Re: IPS Testing Mike Gibson (Jan 14)
- <Possible follow-ups>
- RE: IPS Testing Jeremiah Brott (Jan 07)
- RE: IPS Testing Clone (Jan 09)
- Re: IPS Testing Joshua Gimer (Jan 07)