Re: Blind IP spoofing portscan tool?

From: Enrique A. Sanchez Montellano (enrique.sanchezat_private)
Date: Fri Jun 15 2001 - 02:12:38 PDT


    This info was taken from our course teacher's notes:
    
    2 xterms:
    
    in 1.- hping2 -S -p <port you want to check> -a <machine you are querying> <target> -i u10000
    in 2.- hping2 -S -A -p <port .. is optional> <machine you are querying>
    
    The -i option is important so you see a nice ramp up instead of just a 1 
    increment; this way you can use machines with not so high traffic. If you 
    see an increase the port is open; if you don't, maybe the port is either 
    firewalled or closed (so you can honestly say it is not reachable anyway).
    
    You can beat asymmetric networks this way because of the routing rules. 
    You can also try to spoof the DMZ.
    
    Enrique A. Sanchez Montellano
    Chief Technical Officer Defcom Spain
    
    Jose Nazario wrote:
    
    > no,
    > 
    > curt's looking for simple nomad's "stealth communications across networks"
    > talk slides and tools:
    > 
    > http://www.sans.org/SANS2001/techcon.htm
    > 
    > i know he was working on a tool, i think it may be announced at BlackHat
    > Vegas/2001.
    > 
    > ____________________________
    > jose nazario						     joseat_private
    > 	      	     PGP: 89 B0 81 DA 5B FD 7E 00  99 C3 B2 CD 48 A0 07 80
    > 				       PGP key ID 0xFD37F4E5 (pgp.mit.edu)
    > 
    > 
    
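The technique in the post depends on two observable properties: the intermediary host hands out globally sequential IP IDs, and the scanner sends it a stream of SYN/ACK probes that no SYN ever solicited. The following is an added example, not code from the post or from hping2, that checks a packet log for both from the defender's side: it classifies each host's IP-ID generator and flags sources of unsolicited SYN/ACK streams. The log format (`time src dst flags ipid`, one packet per line) and the sample traffic are constructed for the example; the thresholds `max_gap` and `min_count` are assumptions to tune.

```python
"""Spot IP-ID probing (and hosts whose IP IDs make them usable for it) in a
simple packet log.  Example code, not part of the original post or of hping2."""
import re
from collections import defaultdict

# Constructed sample log: "time src dst tcp-flags ip-id".  10.0.0.5 hammers
# 192.168.1.20 with SYN/ACKs every 0.5 s; 192.168.1.30 is ordinary traffic.
SAMPLE_LOG = """\
0.00 10.0.0.5 192.168.1.20 SA 1001
0.01 192.168.1.20 10.0.0.5 R 40002
0.50 10.0.0.5 192.168.1.20 SA 1002
0.51 192.168.1.20 10.0.0.5 R 40003
0.60 192.168.1.30 192.168.1.20 S 51021
0.61 192.168.1.20 192.168.1.30 SA 40004
1.00 10.0.0.5 192.168.1.20 SA 1003
1.01 192.168.1.20 10.0.0.5 R 40006
1.50 10.0.0.5 192.168.1.20 SA 1004
1.51 192.168.1.20 10.0.0.5 R 40007
2.00 10.0.0.5 192.168.1.20 SA 1005
2.01 192.168.1.20 10.0.0.5 R 40008
2.10 192.168.1.30 192.168.1.20 A 3891
2.20 192.168.1.30 192.168.1.20 A 22004
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+([SAFRPU]+)\s+(\d+)$")


def parse_log(text):
    """Parse the assumed log format into a list of packet dicts."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unparseable line: {line!r}")
        t, src, dst, flags, ipid = m.groups()
        records.append({"t": float(t), "src": src, "dst": dst,
                        "flags": flags, "ipid": int(ipid)})
    return records


def ipid_behaviour(records, host, max_gap=16):
    """Classify the IP-ID generator of packets sent by `host`.

    'sequential' means every successive ID rose by a small positive amount
    (gaps up to max_gap allow for packets the log did not see), which is the
    property a probing tool needs; 'unpredictable' means it did not."""
    ids = [r["ipid"] for r in records if r["src"] == host]
    if len(ids) < 3:
        return "insufficient"
    deltas = [(b - a) % 65536 for a, b in zip(ids, ids[1:])]   # 16-bit wraparound
    if all(1 <= d <= max_gap for d in deltas):
        return "sequential"
    return "unpredictable"


def unsolicited_synack_sources(records, min_count=3):
    """Return {(src, dst): n} for sources that sent >= min_count SYN/ACKs to a
    host that never sent them a SYN first."""
    seen_syn = set()            # (src, dst) pairs that sent a plain SYN
    counts = defaultdict(int)
    for r in records:
        if r["flags"] == "S":
            seen_syn.add((r["src"], r["dst"]))
        elif r["flags"] == "SA" and (r["dst"], r["src"]) not in seen_syn:
            counts[(r["src"], r["dst"])] += 1
    return {pair: n for pair, n in counts.items() if n >= min_count}


def report(text, min_count=3):
    """Combine both checks: an unsolicited SYN/ACK stream aimed at a host whose
    IP IDs are sequential is the pattern described in the post."""
    records = parse_log(text)
    findings = []
    for (src, dst), n in unsolicited_synack_sources(records, min_count).items():
        findings.append({"prober": src, "probed": dst, "probes": n,
                         "probed_ipid": ipid_behaviour(records, dst)})
    return findings


if __name__ == "__main__":
    for f in report(SAMPLE_LOG):
        print(f"{f['prober']} sent {f['probes']} unsolicited SYN/ACKs to "
              f"{f['probed']} (IP-ID generator: {f['probed_ipid']})")
```

The `ipid_behaviour` check is also the one to run against your own hosts: a host that comes back `sequential` is the kind of "machine you are querying" the post relies on, and the usual fix is an OS that randomises or zeroes IP IDs rather than incrementing them globally.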



    This archive was generated by hypermail 2b30 : Fri Jun 15 2001 - 16:40:23 PDT