Are you thinking of passive network mapping? That's the closest thing I can think of to what you're talking about. This manner of portscanning/network mapping requires that you either already have access to a machine on the same subnet as the machine you want to map (so you can sniff ISN info) or the spoofed target has poor ISN generation capabilities (NT, default solaris, 9x, etc). This method of 'anonymous' port mapping has been around for some time; standard technical difficulties associated with IP spoofing still apply to this method, however.

-Blake
Whatchu talkin' 'bout, Willis?

> In the mailing for the Black Hat briefings, there is
> mention of a "blind IP spoofing portscan tool" or
> something along those lines. I'm curious about this
> tool, what is its name and what is the mechanism by
> which it works? I'd guess that it's something involving
> other elements of the IP stack or some tool that uses
> a 3rd party system to check IP IDs, sequence
> numbers, ICMP responses or something along those
> lines.
>
> I'd be interested to know more information, please
> share if you have this knowledge.
>
> PS - I'm moving to Chicago soon and looking for a
> good security job, anyone got any leads?
>
> Curt Wilson
> netw3at_private
> --
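An added example, not code from this thread or from any tool it mentions: a small audit that classifies how a host generates the IP ID field from a sample of IDs observed in its outgoing packets, which is the "poor generation" property that lets a stack be abused as the third party in the blind scans discussed above. Run against your own hosts it flags stacks that still use a plain global counter; the ID values and the thresholds are constructed assumptions.

```python
# Added example (not from the original thread). Classify a host's IP ID
# generation from a list of IDs seen in its packets. A stack that simply
# increments a global counter is the predictable case a defender wants to
# find and fix (patch, or enable per-destination/random IP IDs).

def ipid_deltas(ids):
    """Successive differences of the 16-bit IP ID field, wrapping at 65536."""
    return [(b - a) % 65536 for a, b in zip(ids, ids[1:])]

def classify_ipid(ids, max_step=10):
    """Return 'constant', 'incremental', 'broken-incremental' or 'random'.

    max_step is an assumed bound on the per-packet increment that still
    counts as a sequential counter on a lightly loaded host.
    """
    if len(ids) < 3:
        raise ValueError("need at least three samples")
    deltas = ipid_deltas(ids)
    if all(d == 0 for d in deltas):
        return "constant"            # same ID every time: trivially predictable
    if all(0 < d <= max_step for d in deltas):
        return "incremental"         # global counter stepping by a few units
    # Some stacks increment in host byte order but emit the field without
    # converting to network order, so the counter appears to step by 256.
    swapped = [int.from_bytes(i.to_bytes(2, "big"), "little") for i in ids]
    if all(0 < d <= max_step for d in ipid_deltas(swapped)):
        return "broken-incremental"  # still predictable once byte-swapped
    return "random"                  # no simple counter found in this sample

# Constructed samples, not captured traffic.
SAMPLES = {
    "counter":     [100, 101, 102, 103, 104],
    "wraparound":  [65534, 65535, 0, 1],
    "byteswapped": [0x0100, 0x0200, 0x0300, 0x0400],
    "randomized":  [43210, 1123, 60012, 8, 31337],
}

def audit_samples(samples=SAMPLES):
    """Classify every sample; only 'random' hosts are safe from this abuse."""
    return {name: classify_ipid(ids) for name, ids in samples.items()}

if __name__ == "__main__":
    for name, verdict in audit_samples().items():
        print(f"{name:12s} -> {verdict}")
```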
This archive was generated by hypermail 2b30 : Thu Jun 14 2001 - 10:24:02 PDT