Re: Raw sockets vs connect() scanning on windows/linux

From: Daniel Miessler (daniel@dmiessler.com)
Date: Sat Oct 20 2007 - 20:32:12 EDT


> On the linux side, anyone know which scanners modify the raw socket
> packet creation to craft 60 byte packets to mimic exactly the typical
> connect() packet to get around products which are smart enough to tell
> the difference and change behaviors accordingly?
>

As I mentioned in the piece, doing an -sT scan seems to mimic a
standard connect().

> I know that with XP SP2 Microsoft removed raw sockets and there was a
> workaround that was subsequently broken with MS05-019 & later patches,
> and that on 2k3 server you can still utilize raw sockets. What's the
> latest scoop on windows scanners in this regard and the linux question
> above?
>

I still use Windows Server 2003 for my Windows security platform.
2000 Workstation was ok, too, but it's just too old. I imagine that
I'll be moving to 2008 after a while, but for now 2003 is the most
solid platform as far as I can tell.

Cheers,

--
Daniel Miessler
E: Daniel@dmiessler.com
W: http://dmiessler.com
G: 0xD4A8FFF6
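Added illustration, not part of this thread or of any scanner's code: a defender-side heuristic for the distinction the quoted question is about, telling a bare raw-socket SYN (40-byte IP packet, no TCP options) from one emitted by an OS TCP stack (always carries an MSS option; a Linux stack adds SACK-permitted, timestamps, NOP and window scale, giving the 60-byte packet mentioned above). The two sample packets are constructed inline; the option layout used for the "Linux-style" SYN is an assumption about a typical stack, not a captured trace.

```python
import struct

# Constructed sample option block in typical Linux order:
# MSS(4) + SACK-permitted(2) + timestamps(10) + NOP(1) + window scale(3) = 20 bytes
LINUX_STYLE_OPTS = (b"\x02\x04\x05\xb4" + b"\x04\x02"
                    + b"\x08\x0a" + b"\x00" * 8 + b"\x01" + b"\x03\x03\x07")

def build_ipv4_tcp_syn(options: bytes = b"") -> bytes:
    """Constructed sample: minimal IPv4 header + TCP SYN with given options."""
    assert len(options) % 4 == 0, "TCP options must pad to a 32-bit boundary"
    tcp_len = 20 + len(options)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + tcp_len, 0, 0x4000, 64, 6, 0,
                     bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))  # TEST-NET-1
    data_offset = (tcp_len // 4) << 4          # header length in 32-bit words
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, data_offset, 0x02, 65535, 0, 0)
    return ip + tcp + options

def parse_tcp_options(opts: bytes) -> list:
    """Return the list of TCP option kinds present (NOP included, EOL stops)."""
    kinds, i = [], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                           # EOL
            break
        if kind == 1:                           # NOP has no length byte
            kinds.append(1); i += 1; continue
        if i + 1 >= len(opts) or opts[i + 1] < 2:
            break                               # truncated or malformed option
        kinds.append(kind)
        i += opts[i + 1]
    return kinds

def classify_syn(packet: bytes) -> str:
    """Heuristic label: 'bare-syn' (raw-socket style), 'stack-syn', or other."""
    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    if packet[9] != 6:
        return "not-tcp"
    tcp = packet[ihl:total_len]
    flags = tcp[13]
    if not (flags & 0x02) or (flags & 0x10):   # need SYN without ACK
        return "not-syn"
    data_offset = (tcp[12] >> 4) * 4
    kinds = parse_tcp_options(tcp[20:data_offset])
    if not kinds:
        return "bare-syn"                       # no options: hand-built packet
    if 2 in kinds:                              # MSS: every real OS stack sends it
        return "stack-syn"
    return "syn-odd-options"
```

Packet length alone is a weak signal (Windows stacks send shorter option blocks than Linux), so the classifier keys on option presence rather than on the 60-byte size.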


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:10 EDT