
| Subject: | Re: nmap -S option |
|---|---|
| Date: | Thu, 15 Feb 2007 09:57:45 +0100 |
On Wednesday 14 February 2007 at 01:13 -0800, Baris Erdogan wrote:
> When I use the "nmap -sS targetaddress -S spoofaddress -e eth0" command, nmap does not show open ports at the end of the scan. I want to know whether this is the normal case or not. Do I misuse nmap options?

-S is used to spoof the source IP address. So, if you spoof a source
address, there's a considerable chance you may not get the replies from
your target, as they will be destined to the very IP address you're
spoofing. Usually, the -S parameter is mostly used for decoys, although a
dedicated option is available for that purpose.

Now, a practical example, where you're A spoofing C to scan B:

A ---- SYN(src=C) ----> B ---- SYN/ACK ----> C

A does not see any reply from B, deducing there are only filtered ports
on B. OK? If you want to actually get something back from your scan,
you'll have to make sure replies from B to C come back to A, like ARP
cache poisoning or any traffic redirection technique you may think of.

You can also think of using the Idle Scan technique, provided you can predict C
is idle and has a predictable IP ID generator. You can find more info
on the Nmap website:

http://insecure.org/nmap/idlescan.html

Using nmap, you will launch:

nmap -sI spoofaddress:openport targetaddress -e eth0

--
http://sid.rstack.org/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
Hi! I'm your friendly neighbourhood signature virus. Copy me to your signature file and help me spread!
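
The condition in the reply above, that C be idle and have a predictable IP ID generator, is something you can check on hosts you administer. The following is an added example, not part of the original message: it classifies IP ID values sampled from consecutive replies of one host; the labels, the `busy_threshold` cut-off and the sample values are constructed assumptions.

```python
IPID_MODULUS = 1 << 16  # the IPv4 Identification field is 16 bits wide


def ipid_deltas(samples):
    """Steps between consecutive IP IDs, allowing for 16-bit wraparound."""
    return [(b - a) % IPID_MODULUS for a, b in zip(samples, samples[1:])]


def _swap16(value):
    """Swap the two bytes of a 16-bit value."""
    return ((value & 0xFF) << 8) | (value >> 8)


def _label(deltas, busy_threshold):
    if all(d == 0 for d in deltas):
        return "constant"           # same ID every time: nothing to observe
    if all(d == 1 for d in deltas):
        return "incremental-idle"   # shared counter, no other traffic between samples
    if all(1 <= d <= busy_threshold for d in deltas):
        return "incremental-busy"   # shared counter, host is sending elsewhere
    return "random"


def classify_ipid(samples, busy_threshold=10):
    """Label the IP ID generator behind replies sampled from one host.

    busy_threshold is an assumed cut-off: larger steps count as random.
    """
    if len(samples) < 3:
        raise ValueError("need at least 3 samples")
    label = _label(ipid_deltas(samples), busy_threshold)
    if label == "random":
        # Some stacks put the counter on the wire byte-swapped; retry swapped.
        swapped = [_swap16(s) for s in samples]
        retry = _label(ipid_deltas(swapped), busy_threshold)
        if retry.startswith("incremental"):
            return retry + " (byte-swapped)"
    return label


def leaks_traffic_counter(samples):
    """True when the IP ID exposes how many packets the host has sent."""
    return classify_ipid(samples).startswith("incremental")


if __name__ == "__main__":
    # Constructed samples, not captured from any real host.
    for ids in ([1000, 1001, 1002, 1003], [65534, 65535, 0, 1],
                [100, 103, 104, 109], [65024, 65280, 1, 257],
                [40211, 1873, 58002, 12345]):
        print(ids, "->", classify_ipid(ids))
```

A host labelled incremental is one whose IP ID reveals its packet count to anyone who can elicit replies from it, which is the property the Idle Scan depends on; constant or random generators do not expose it.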