Re: IPS Testing

From: José M. Palazón Romero (josem.palazon@gmail.com)
Date: Mon Jan 14 2008 - 16:30:26 EST


>> Hi,
>>
>> I am doing a PT for a customer and found that after running nessus
>> against the target our IP is getting blocked permanently. I want to show
>> this issue to the customer.
>> 1. Is there any specific tool that can generate nessus traffic by
>> spoofing IPs?
>> 2. Is there any tool that can change IP on the fly? While running nessus
>> that should change source IP?
>>
>> The server has only port 80 open.
>>
>> Thank you.
>> Regards.
>> PenTestr.
>>
>>

You can spoof your IP, and your client would be anonymously attacked,
but you wouldn't have any results from nessus. You should be the one
behind the faked IP to get the answers from the server, but keep in mind
that if you fake to a single IP, that will be blocked too.

I would suggest restarting your attack (from another IP if you are
really permanently blocked), configuring nessus (or any other scanner you
are planning to use) to space out your probes in time. Space them out a
lot, minutes; you are not supposed to be in any hurry, so just let the
scanner gently do its job and gather the results 24 or 48 hours later.

BTW, if you are concluding that the only open port is 80 based on your
scans, consider that you are being blocked after the first few tries, so
in case that there are more open ports, you wouldn't know it.

BTW 2, at least you already have one thing for your report, your client
is vulnerable to a total DoS via a simple decoy scan.

Regards

Jose




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:20 EDT