LinuxQuestions.org
Old 12-10-2004, 06:08 AM   #1
Ephracis
Nmap with Idle scan


I am starting to learn the principles of the idle-scan technique.

I had a strange problem at first. I have a box running Windows 98 that is up and runs an old version of a webserver. I set this up to use it as a zombie.
Now, from my Linux box I checked with hping and it shows that the id increases just as it's supposed to do.

But when I tried to scan another computer that I have on a different host using my own zombie I got the error that said:
Code:
Idlescan zombie xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx) port 80 cannot be used
because IPID sequencability class is: Busy server or unknown class.  Try another proxy.
Now at school I connected to my box at home via ssh and tried to scan my own host and with another zombie. Success.

Then I tried to use the same zombie on another host but that gave me the error:
Code:
Idlescan using zombie xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx:80); Class: Incremental
Even though your Zombie (217.31.184.7; 217.31.184.7) appears to be vulnerable to IPID sequence prediction
(class: Incremental), our attempts have failed.  This generally means that either the Zombie uses
a separate IPID base for each host (like Solaris), or because you cannot spoof IP packets (perhaps your
ISP has enabled egress filtering to prevent IP spoofing), or maybe the target network recognizes the
packet source as bogus and drops them
QUITTING!
The zombie is the same and it's under the same ISP as I have. At the attempt that ended in success I scanned my computer from my computer but using a zombie under the same ISP within the city network.

Then I changed the target from being (me) under the same ISP to another ISP and that ended in the error shown above. Just for checking I did the scan again that scanned my box and it still ended in success.

What is the problem here?

Last edited by Ephracis; 12-10-2004 at 06:11 AM.
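
As an added example (not part of the original post and not Nmap's code), here is a simplified classifier for IP ID samples like the hping readings mentioned above, useful for auditing whether your own hosts expose a predictable IP ID counter, including the "separate IPID base for each host" case named in the second error. The class labels, thresholds, function names and sample values are assumptions constructed for illustration.

```python
# Added example: simplified IP ID classifier. Not Nmap's code; the labels and
# thresholds (max_step, busy_step) are assumptions chosen for illustration.

def deltas(ids):
    """Steps between consecutive 16-bit IP IDs, tolerating counter wraparound."""
    return [(b - a) & 0xFFFF for a, b in zip(ids, ids[1:])]

def swap16(v):
    """Swap the two bytes of a 16-bit value (host vs. network byte order)."""
    return ((v & 0xFF) << 8) | (v >> 8)

def classify_ipid(ids, max_step=10, busy_step=1000):
    """Label a series of IP IDs taken from replies to evenly spaced probes."""
    if len(ids) < 3:
        raise ValueError("need at least three samples")
    d = deltas(ids)
    if all(x == 0 for x in d):
        return "constant"
    if all(0 < x <= max_step for x in d):
        return "incremental"
    if all(0 < x <= max_step for x in deltas([swap16(i) for i in ids])):
        return "broken little-endian incremental"
    if all(0 < x <= busy_step for x in d):
        return "busy"  # one shared counter, but other traffic moves it too
    return "random or unknown"

def shares_global_counter(observations, max_step=10):
    """observations: (observer, ip_id) pairs in arrival order from two or more
    vantage points. True if each observer alone sees an incremental counter
    AND the merged view is incremental too. A host that keeps a separate
    IP ID base per peer passes the first check but fails the second."""
    per_peer = {}
    for who, ipid in observations:
        per_peer.setdefault(who, []).append(ipid)
    each_ok = all(classify_ipid(v, max_step * len(per_peer)) == "incremental"
                  for v in per_peer.values())
    merged = [ipid for _, ipid in observations]
    return each_ok and classify_ipid(merged, max_step) == "incremental"

# Constructed sample data (not captured from any real host).
QUIET = [65534, 65535, 0, 1]          # wraps around at 16 bits
BYTESWAPPED = [0x0100, 0x0200, 0x0300]
BUSY = [4100, 4137, 4190, 4212]
GLOBAL = [("a", 100), ("b", 101), ("a", 102), ("b", 103), ("a", 104), ("b", 105)]
PER_PEER = [("a", 100), ("b", 5000), ("a", 101), ("b", 5001), ("a", 102), ("b", 5002)]
```

A host that scores "constant", "random or unknown", or fails `shares_global_counter` does not leak its traffic volume to third parties through the IP ID field.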
 
  


All times are GMT -5.