Re: Rookie question about differences between -S and -sI option

From: Marius Huse Jacobsen (mahuja@c2i.net)
Date: Mon Feb 13 2006 - 18:26:32 EST


Mark Fosseth wrote:

| In terms of probing IPs, what is the difference between scanning a host
| spoofing the source IP via the -S option and scanning through an idle scan
| via the -sI option, besides perspective of course?

| I performed a normal -sS scan and later I issued the same command and
| options, also using -S, but despite the fact that the command started
| correctly I had no results even if the spoofed IP was online. Do you
| have an idea what I am missing?

-S sets the "self" address, -sI sets an "idlehost" address. And there's
the "target" address.

In a -sS scan, it sends packets [from self to target], and tries to read
for any [target to self] packets. The returning packets must pass by
your interface(s) on their way to the "self" address.

In a -sI scan, it sends packets [from idle to target] and [self to
idle]. It never registers [target to idle] replies, but tries to detect
them based on what it finds in the [idle to self] replies.

Rookie... Shouldn't last too long, I hope. :P

M.
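The three packet flows Marius describes, as an added example that is not part of the original thread and not nmap's code: a small in-memory model where each host has a global, incremental IP ID counter and answers SYN/ACK to an open port, RST to a closed one, and RST to any unsolicited SYN/ACK. It runs a plain -sS scan, the same scan with -S (the reply goes to the spoofed address, so the scanner's own interface sees nothing), and an -sI idle scan, where the scanner never sees the [target to idle] reply and infers it from how far the zombie's IP ID moved between two [self to idle] probes. Host names, port numbers and the starting IP ID are assumptions made for the example; no packets leave the process.

```python
"""In-memory model of three probe flows: a plain -sS SYN scan, the same scan
with -S (spoofed source), and an -sI idle scan. Constructed simulation: no
packets leave this process. Host names and IP ID values are assumptions."""

from dataclasses import dataclass, field


@dataclass
class Host:
    """Minimal TCP/IP stack: open/filtered port sets and a single global,
    incremental IP ID counter (the property an idle-scan zombie needs)."""
    name: str
    open_ports: set = field(default_factory=set)
    filtered_ports: set = field(default_factory=set)   # SYNs dropped, no reply
    ipid: int = 1000                                    # assumed starting IP ID
    inbox: list = field(default_factory=list)           # (src, port, flags, ipid)

    def next_ipid(self):
        self.ipid += 1
        return self.ipid

    def receive(self, net, src, port, flags, ipid):
        self.inbox.append((src, port, flags, ipid))
        if flags == "SYN":
            if port in self.filtered_ports:
                return                                  # silently dropped
            net.send(self.name, src, port, "SYN/ACK" if port in self.open_ports else "RST")
        elif flags == "SYN/ACK":
            # Unsolicited SYN/ACK: the stack answers RST, which consumes an IP ID.
            # This side effect on the zombie is what the idle scan measures.
            net.send(self.name, src, port, "RST")
        # Unsolicited RST: dropped, nothing sent, no IP ID consumed.


class Network:
    def __init__(self, *hosts):
        self.hosts = {h.name: h for h in hosts}

    def send(self, src, dst, port, flags, emitter=None):
        """Deliver one segment. `src` is the address written into the packet;
        `emitter` is the host that really puts it on the wire (defaults to src).
        Only the emitter's IP ID advances, and any reply is routed to `src`."""
        wire = self.hosts[emitter or src]
        self.hosts[dst].receive(self, src, port, flags, wire.next_ipid())


def syn_scan(net, scanner, target, port, spoof_as=None):
    """-sS, optionally with -S <spoof_as>: send [self -> target] and look for a
    [target -> self] reply on the scanner's own interface."""
    me = net.hosts[scanner]
    seen = len(me.inbox)
    net.send(spoof_as or scanner, target, port, "SYN", emitter=scanner)
    replies = [r for r in me.inbox[seen:] if r[0] == target and r[1] == port]
    if not replies:
        return "no response"        # with -S the reply went to spoof_as, not to us
    return "open" if replies[0][2] == "SYN/ACK" else "closed"


def idle_scan(net, scanner, zombie, target, port):
    """-sI: read the zombie's IP ID via [self -> idle]/[idle -> self], send
    [idle -> target] spoofed, read the IP ID again. The scanner never sees the
    [target -> idle] reply; it infers it from how far the IP ID moved."""
    me = net.hosts[scanner]

    def probe_zombie():
        seen = len(me.inbox)
        net.send(scanner, zombie, port, "SYN/ACK")           # zombie answers RST
        return me.inbox[seen:][-1][3]                        # IP ID of that RST

    first = probe_zombie()
    net.send(zombie, target, port, "SYN", emitter=scanner)   # spoofed as the zombie
    delta = probe_zombie() - first
    # +1 is our own second probe; a further +1 means the zombie also sent a RST,
    # i.e. the target SYN/ACKed it (open). Closed and filtered both leave +1 only.
    return {2: "open", 1: "closed|filtered"}.get(delta, f"unexpected delta {delta}")


def demo():
    """Run all three flows against constructed hosts; returns the classifications."""
    net = Network(
        Host("scanner"),
        Host("decoy"),                                       # online address given to -S
        Host("zombie"),                                      # idle host, predictable IP ID
        Host("target", open_ports={22, 80}, filtered_ports={3389}),
    )
    return {
        "-sS p80": syn_scan(net, "scanner", "target", 80),
        "-sS p23": syn_scan(net, "scanner", "target", 23),
        "-sS -S decoy p80": syn_scan(net, "scanner", "target", 80, spoof_as="decoy"),
        "-sI zombie p80": idle_scan(net, "scanner", "zombie", "target", 80),
        "-sI zombie p23": idle_scan(net, "scanner", "zombie", "target", 23),
        "-sI zombie p3389": idle_scan(net, "scanner", "zombie", "target", 3389),
    }


if __name__ == "__main__":
    for flow, verdict in demo().items():
        print(f"{flow:18} -> {verdict}")
```

Two caveats the model makes visible: a closed port and a firewalled (filtered) port both leave the zombie's IP ID advanced by only one, so an idle scan cannot tell them apart, and the whole inference assumes the zombie is genuinely idle (any other traffic it answers also moves the counter). With real nmap, -S usually has to be combined with -e to name the outgoing interface and with -Pn, since host discovery replies are sent to the spoofed address as well.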




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:31 EDT