From: Cedric Blancher (blancher@cartel-securite.fr)
Date: Thu Feb 15 2007 - 03:57:45 EST
On Wednesday, 14 February 2007 at 01:13 -0800, Baris Erdogan wrote:
> When I use the "nmap -sS targetaddress -S spoofaddress -e eth0" command,
> nmap does not show open ports at the end of the scan.
> I want to know whether this is a normal case or not.
> Do I misuse nmap options?
-S is used to spoof the source IP address. So, if you spoof a source
address, there's a considerable chance you may not get the replies from
your target, as they will be destined to the very IP address you're
spoofing. Usually, the -S parameter is mostly used for decoys, although a
dedicated option is available for that purpose.
Now, practical example, where you're A spoofing C to scan B:
A ---- SYN(src=C) ----> B ---- SYN/ACK ----> C
A does not see any reply from B, deducing there are only filtered ports
on B. OK? If you want to actually get something back from your scan,
you'll have to make sure replies from B to C come back to A, like ARP
cache poisoning or any traffic redirection technique you may think of.
You can also think of using the Idle Scan technique, provided you can predict C
is idle and has a predictable IP ID generator. You can find more info
on the Nmap website:
http://insecure.org/nmap/idlescan.html
Using nmap, you will launch:
nmap -sI spoofaddress:openport targetaddress -e eth0
--
http://sid.rstack.org/
PGP KeyID: 157E98EE FingerPrint: FA62226DA9E72FA8AECAA240008B480E157E98EE
>> Hi! I'm your friendly neighbourhood signature virus.
>> Copy me to your signature file and help me spread!
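The A/B/C exchange above, and the IP ID bookkeeping that the idle scan relies on, as an added toy simulation (not part of the original thread, and not Nmap code). It sends no packets: the Host class, its incrementing IP ID counter and the port numbers are all constructed here, and the last function shows why the inference goes wrong when the zombie C is not actually idle.

```python
"""Toy model: why a source-spoofed SYN scan sees nothing (A never gets B's
answer), and how the idle scan reads the answer off C's IP ID counter.
Constructed simulation only; no network traffic is generated."""


class Host:
    """A host with a single global, incrementing IP ID counter (the 'zombie' case)."""

    def __init__(self, name, open_ports=()):
        self.name = name
        self.open_ports = set(open_ports)
        self.ip_id = 1000            # constructed starting value
        self.inbox = []              # packets that actually reached this host

    def send(self, dst, kind, src=None, port=None):
        """Emit one packet; every packet this host emits consumes one IP ID."""
        self.ip_id += 1
        pkt = {"src": src or self, "kind": kind, "port": port, "ip_id": self.ip_id}
        dst.receive(pkt)
        return pkt

    def receive(self, pkt):
        self.inbox.append(pkt)
        if pkt["kind"] == "SYN":
            # Reply goes to the *claimed* source: SYN/ACK if open, RST if closed.
            reply = "SYN/ACK" if pkt["port"] in self.open_ports else "RST"
            self.send(pkt["src"], reply, port=pkt["port"])
        elif pkt["kind"] == "SYN/ACK":
            # Unsolicited SYN/ACK is answered with RST; this is what bumps C's IP ID.
            self.send(pkt["src"], "RST")
        # A bare RST is silently dropped.


def spoofed_syn_scan(a, b, c, port):
    """nmap -sS -S <C>: A sends SYN(src=C) to B; B's reply lands on C, not A."""
    a.inbox.clear()
    a.send(b, "SYN", src=c, port=port)
    return len(a.inbox)              # 0, so A can only conclude 'filtered'


def probe_ip_id(a, c):
    """Send C an unsolicited SYN/ACK and read the IP ID of the RST it returns."""
    a.inbox.clear()
    a.send(c, "SYN/ACK")
    return a.inbox[-1]["ip_id"]


def idle_scan_port(a, b, c, port, zombie_busy=False):
    """nmap -sI <C>: IP ID delta of 2 means B answered C with SYN/ACK (open)."""
    before = probe_ip_id(a, c)
    a.send(b, "SYN", src=c, port=port)
    if zombie_busy:
        c.send(b, "RST")             # unrelated traffic from a non-idle zombie
    after = probe_ip_id(a, c)
    return "open" if after - before == 2 else "closed|filtered"
```

With a busy zombie the closed port is reported as open, which is the "provided you can predict C is idle" caveat made concrete.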