From: Fyodor (fygrave@gmail.com)
Date: Mon Dec 31 2007 - 22:25:30 EST
Snot / Stick / Mucus-1
On Dec 31, 2007 1:29 PM, Ravi <whitehaat@gmail.com> wrote:
>
> Hi Kish & list,
>
> I'm kinda looking to do a decoy scanning with traffic similar to Nessus.
> I understand I can't do decoy scanning with Nessus. So if there is a
> tool that could send malicious traffic like Nessus to my target that
> would be it!!! I'm basically trying to test a network that blocks my IP
> when I scan with Nessus. I want to prove to customer that I can spoof a
> source IP that would be blocked by your IPS leading to a DoS issue.
>
> Thax.
>
>
> Kish Pent wrote:
> > Hey ,
> >
> > You must define what you mean by malicious traffic
> > before crafting it, based on which the tool can be
> > selected. Your aim is to send malformed packets which
> > in other words you're trying to interpret as malicious
> > traffic. By the way, nmap is no example for sending
> > malicious traffic. Scapy is a very good packet
> > crafting tool, and it can be used for subsequent
> > port-scanning, protocol analysis, and best of all,
> > it's just THE tool for packets. (it can do what hping
> > can do for you, it can do what nmap,unicornscan or
> > some other tools can do for you)
> >
> > You might also want to check out the www.secdev.org
> > website, Philippe Biondi from EADS has written the
> > tool, and given some excellent docs and ppt(s) out
> > there.
> >
> > Cheers :)
> > Kish
> >
> > --- Ravi <whitehaat@gmail.com> wrote:
> >
> >
> >> Hi guys...
> >>
> >> Can anybody help me in finding a tool like 'nmap-(-D
> >> decoy)' which can
> >> send some malicious content to a system...
> >>
> >>
> >>
> >> Thanks & Regards,
> >>
> >> Whitehaat
> >>
> >>
> >>
> >>
> >>
> > ------------------------------------------------------------------------
> >
> >> This list is sponsored by: Cenzic
> >>
> >> Need to secure your web apps NOW?
> >> Cenzic finds more, "real" vulnerabilities fast.
> >> Click to try it, buy it or download a solution FREE
> >> today!
> >>
> >> http://www.cenzic.com/downloads
> >>
> >>
> > ------------------------------------------------------------------------
> >
> >>
> >
> >
> > --
> > Kishore, Penetration Tester,
> > 17/1,Upstairs,Sarojini St,
> > Smart Security, T.Nagar,
> > Chennai - 600 017
> >
> > Phone: 91 98841 80767
> >
> >
> > ____________________________________________________________________________________
> > Looking for last minute shopping deals?
> > Find them fast with Yahoo! Search. http://tools.search.yahoo.com/newsearch/category.php?category=shopping
> >
> >
>
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Need to secure your web apps NOW?
> Cenzic finds more, "real" vulnerabilities fast.
> Click to try it, buy it or download a solution FREE today!
>
> http://www.cenzic.com/downloads
> ------------------------------------------------------------------------
>
>
-- http://o0o.nu ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:18 EDT