From: Martin Mačok (martin.macok@underground.cz)
Date: Fri Feb 17 2006 - 02:55:01 EST
On Wed, Feb 15, 2006 at 12:40:45PM +0000, Mark Fosseth wrote:
> I know a bit Idle scan but I still have to find a good
> zombie,meanwhile I did that :
Can you spoof any IP from your network connection? You should check
this first... most gateways/ISPs today doesn't allow unlimited spoofing.
> then I tried to spoof my ip scanning the same target like that :
> nmap -vv -P0 -T4 -S xxx.xxx.xxx.xxx ( spoofed ) -e eth0 xxx.xxx.xxx.50 (
> same target as simple scan ) but I obtained every port closed even if nmap
> scanned clearly the same target as the original trivial scan against
> xxx.xxx.xxx.50.
Maybe you used connect scan instead of SYN scan here? You can't spoof
with the connect scan... Use -sS and use --packet_trace to see what is
happening. Check out if your gateway/ISP doesn't drop spoofed packets
(in most cases, it does). And generally, by spoofing IP you throw out
the results because the scanner doesn't see the replies to his probes.
(Are you sure you know what you are really doing? It seems to me that
you are not, but I could be mistaken... Sorry if I'm wrong.)
Martin Mačok
ICT Security Consultant
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:
Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:32 EDT