Penetration Testing mailing list archives

RE: Tool for sending malicious traffic to destination system


From: "John Forristel (SunGard-Chico)" <John.Forristel () sungardbi-tech com>
Date: Wed, 2 Jan 2008 06:39:18 -0800

If I understand the problem, you need to gather information from a
remote machine without tripping the IPS.  Or change your scanner to not
trip the IPS.

The first method takes me back a while, so I had to look it up.  It
would require finding a machine that returns packets with sequential
numbers.  Most, these days, are random, or random enough that it makes no
difference.  The method is found at
http://insecure.org/nmap/idlescan.html

The other way is to slow your scans enough that the IPS server won't
trigger and block your packets.  In NMAP, you can do this by setting the
-t option to 2, 1, or 0 to slow it down.  Of course, this takes a lot
more time, but it is patience that counts in the pentest game.

Personally, I use Nessus in conjunction with NMAP.  I use a setting of
-t2 and let it go on the subnet.  This can take a couple of days, but
who cares.  I never schedule a pentest without three weeks of time,
minimum.  Once I can look at what is open/filtered/closed, I tailor the
Nessus session to look at the particular services, not just slam the
whole thing.  I set Nessus to scan one target at a time (the default is
4).  I use Metasploit with the same methodology.  Metasploit is more
granular, and the proof is far more convincing to a client.

However, if your goal is to send malformed packets only, Scapy is the
tool you are looking for; NMAP doesn't do that.

John



-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Ravi
Sent: Sunday, December 30, 2007 9:29 PM
To: kish_pent () yahoo com; pen-test
Subject: Re: Tool for sending malicious traffic to destination system


Hi Kish & list,

I'm kinda looking to do a decoy scanning with traffic similar to Nessus.

I understand I can't do decoy scanning with Nessus. So if there is a
tool that could send malicious traffic like Nessus to my target that
would be it!!! I'm basically trying to test a network that blocks my IP
when I scan with Nessus. I want to prove to the customer that I can spoof a
source IP that would be blocked by your IPS, leading to a DoS issue.

Thanks.

Kish Pent wrote:
Hey,

You must define what you mean by malicious traffic
before crafting it, based on which the tool can be
selected. Your aim is to send malformed packets, which
in other words you're trying to interpret as malicious
traffic. By the way, nmap is no example for sending
malicious traffic. Scapy is a very good packet
crafting tool, and it can be used for subsequent
port-scanning, protocol analysis, and best of all,
it's just THE tool for packets. (It can do what hping
can do for you; it can do what nmap, unicornscan or
some other tools can do for you.)

You might also want to check out the www.secdev.org
website, Philippe Biondi from EADS has written the
tool, and given some excellent docs and ppt(s) out
there.

Cheers :)
Kish

--- Ravi <whitehaat () gmail com> wrote:

Hi guys...

Can anybody help me in finding a tool like 'nmap (-D decoy)' which can
send some malicious content to a system...

Thanks & Regards,

Whitehaat



--
Kishore, Penetration Tester,
17/1, Upstairs, Sarojini St,
Smart Security, T.Nagar,
Chennai - 600 017
