Help answer threads with 0 replies.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 12-10-2004, 05:08 AM   #1
Senior Member
Registered: Sep 2004
Location: Sweden
Distribution: Ubuntu, Debian
Posts: 1,109

Rep: Reputation: 49
Nmap with Idle scan

I am starting to learn the principles of the idle-scan technique.

I had a strange problem at first. I have an box running Windows 98 that is up and runs an old version of a webserver. I sat this up to use it as a zombie.
Now, from my Linux box I checked with hping and it shows that the id increases just as it's supposed to do.

But when I tried to scan another computer that I have on a different host using my own zombie I got the error that said:
Idlescan zombie ( port 80 cannot be used
because IPID sequencability class is: Busy server or unknown class.  Try another proxy.
Now at school I connected to my box at home via ssh and tried to scan my own host and with another zombie. Success.

Then I tried to use the same zombie on another host but that gave me the error:
Idlescan using zombie (; Class: Incremental
Even though your Zombie (; appears to be vulnerable to IPID sequence predict
ion (class: Incremental), our attempts have failed.  This generally means that either the Zombie uses
a separate IPID base for each host (like Solaris), or because you cannot spoof IP packets (perhaps you
r ISP has enabled egress filtering to prevent IP spoofing), or maybe the target network recognizes the
 packet source as bogus and drops them
The zombie is the same and it's under the same ISP as I have. At the attempt that ended in success I scanned my computer from my computer but using a zombie under the same ISP within the city network.

Then I changed the target from being (me) under the same ISP to another ISP and that ended in the error shown above. Just for checking I did the scan again that scanned my box and it still ended in success.

What is the problem here?

Last edited by Ephracis; 12-10-2004 at 05:11 AM.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
nmap scan results juanb Linux - Security 5 11-16-2004 02:31 AM
Cant scan with nmap or nessus saltas Linux - Networking 2 09-29-2004 03:34 PM
nmap scan from inside WannaLearnLinux Linux - Software 44 02-01-2004 12:47 AM
How can I scan *every* port with nmap? davee Linux - Security 6 12-11-2003 04:44 PM
nmap scan loganwva Linux - Security 5 02-25-2003 07:16 PM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 11:32 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration