LinuxQuestions.org
Old 12-10-2004, 05:08 AM   #1
Ephracis
Nmap with Idle scan


I am starting to learn the principles of the idle-scan technique.

I had a strange problem at first. I have a box running Windows 98 that is up and runs an old version of a webserver. I set this up to use it as a zombie.
Now, from my Linux box I checked with hping and it shows that the id increases just as it's supposed to do.

But when I tried to scan another computer that I have on a different host using my own zombie I got the error that said:
Code:
Idlescan zombie xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx) port 80 cannot be used
because IPID sequencability class is: Busy server or unknown class.  Try another proxy.
Now at school I connected to my box at home via ssh and tried to scan my own host and with another zombie. Success.

Then I tried to use the same zombie on another host but that gave me the error:
Code:
Idlescan using zombie xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx:80); Class: Incremental
Even though your Zombie (217.31.184.7; 217.31.184.7) appears to be vulnerable to IPID sequence prediction (class: Incremental), our attempts have failed.  This generally means that either the Zombie uses a separate IPID base for each host (like Solaris), or because you cannot spoof IP packets (perhaps your ISP has enabled egress filtering to prevent IP spoofing), or maybe the target network recognizes the packet source as bogus and drops them
QUITTING!
The zombie is the same and it's under the same ISP as I have. At the attempt that ended in success I scanned my computer from my computer but using a zombie under the same ISP within the city network.

Then I changed the target from being (me) under the same ISP to another ISP and that ended in the error shown above. Just for checking I did the scan again that scanned my box and it still ended in success.

What is the problem here?

Last edited by Ephracis; 12-10-2004 at 05:11 AM.
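
Added example (not part of the original post, and not Nmap's own code): a simplified classifier for auditing whether one of your own hosts exposes a predictable IP ID counter, which is what the "IPID sequencability class" in the messages above refers to. The sample lines are constructed in hping's reply format, and the class labels and the `max_step` threshold are assumptions made for this sketch.

```python
import re

# Constructed hping-style reply lines (documentation address, not a real capture).
SAMPLE_IDLE = """\
len=46 ip=192.0.2.10 ttl=128 id=4100 sport=80 flags=SA seq=0 win=8192 rtt=0.4 ms
len=46 ip=192.0.2.10 ttl=128 id=4101 sport=80 flags=SA seq=1 win=8192 rtt=0.4 ms
len=46 ip=192.0.2.10 ttl=128 id=4102 sport=80 flags=SA seq=2 win=8192 rtt=0.5 ms
len=46 ip=192.0.2.10 ttl=128 id=4103 sport=80 flags=SA seq=3 win=8192 rtt=0.4 ms
"""

def parse_ipids(text):
    """Pull the id= field out of each reply line."""
    return [int(v) for v in re.findall(r"\bid=(\d+)\b", text)]

def swap16(value):
    """Swap the two bytes of a 16-bit IP ID."""
    return ((value & 0xFF) << 8) | (value >> 8)

def steps(ids):
    """Differences between consecutive IDs, modulo 2**16 to survive wraparound."""
    return [(b - a) & 0xFFFF for a, b in zip(ids, ids[1:])]

def classify(ids, max_step=10):
    """Simplified heuristic; max_step is an assumed threshold, not Nmap's."""
    if len(ids) < 3:
        return "unknown"            # too few samples to judge
    if all(i == 0 for i in ids):
        return "all-zero"           # host always sends ID 0
    if len(set(ids)) == 1:
        return "constant"
    if all(0 < s <= max_step for s in steps(ids)):
        return "incremental"        # global counter, host is quiet
    # Some stacks put the counter on the wire byte-swapped, so a +1
    # increment shows up as +256 until the bytes are swapped back.
    if all(0 < s <= max_step for s in steps([swap16(i) for i in ids])):
        return "incremental-byteswapped"
    # Large or irregular jumps: other traffic is consuming IDs, or the
    # IDs are randomized or kept per destination.
    return "busy-or-unknown"

if __name__ == "__main__":
    print(classify(parse_ipids(SAMPLE_IDLE)))
```

A host that classifies as incremental from one vantage point can still keep a separate counter per destination, which a single-source sample like this cannot detect.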
 
  

