Re: nmap -S option

From: Baris Erdogan (bariswinston@yahoo.com)
Date: Thu Feb 15 2007 - 09:17:34 EST

I have sniffed the traffic when i have used -S option. No original IP address are sent over the network and destination system responds to spoofed IP address so nmap cannot capture TCP flags used in TCP packet.

Thanks you all.
 
Baris Erdogan

----- Original Message ----
From: Per-Fredrik Pollnow <per-fredrik.pollnow@sungard.se>
To: Baris Erdogan <bariswinston@yahoo.com>
Cc: pen-test@securityfocus.com
Sent: Thursday, February 15, 2007 8:54:22 PM
Subject: Re: nmap -S option

If you read Nmap’s man page, under the –S option flag, you can see the
“Note”:

/////////////////////
Note that you usually won't receive reply packets back (they will be
addressed to the IP you are spoofing), so Nmap won't produce useful
reports.
/////////////////////

For better understanding of IP-spoofing:
http://www.securityfocus.com/infocus/1674
(http://www.packetstormsecurity.org/spoof/ip-spoof-guides/IPSpoofing.txt)

MvH
Per-Fredrik Pollnow
SunGard/iXsecurity

                                                                           
             Baris Erdogan
             <bariswinston@yah
             oo.com> To
             Sent by: pen-test@securityfocus.com
             listbounce@securi cc
             tyfocus.com
                                                                   Subject
                                       nmap -S option
             02/14/2007 10:13
                                                                           
                                                                           
                                                                           
                                                                           
                                                                           

Hello,

When i use "nmap -sS targetaddress -S spoofaddress -e eth0" command, nmap
does not show open ports at end of scan.
i wanna know whether this is normal case or not.
do i misuse nmap options?
Because when i use nmap with "nmap -sS targetaddress", nmap shows me open
ports at the end of scan.

Thanks,

Kind regards,

Baris Erdogan

____________________________________________________________________________________

Any questions? Get answers on any topic at www.Answers.yahoo.com. Try it
now.

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW

------------------------------------------------------------------------

 
____________________________________________________________________________________
Get your own web address.
Have a HUGE year through Yahoo! Small Business.
http://smallbusiness.yahoo.com/domains/?p=BESTDEAL

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:34 EDT