Home page logo

nmap-dev logo Nmap Development mailing list archives

Idle scan and predictible ip id
From: Paul Johnston <paul () westpoint ltd uk>
Date: Wed, 03 Dec 2003 11:02:16 +0000


I'm auditing a host that has incremental ip ids. However, I am unable to
use it as a zombie for an idle scan "cannot be used because it has not
returned any of our probes". This box does have one open port, but it
only shows up with connect/syn scan - ack scan shows everything
filtered. I guess this means it's protected by some kind of stateful
firewall, and this completely scuppers idle scan.

My question is: does this firewall mitigate all the risks associated
with predictible ip ids?



Paul Johnston
Internet Security Specialist
Westpoint Limited
Albion Wharf, 19 Albion Street,
Manchester, M1 5LN
Tel: +44 (0)161 237 1028
Fax: +44 (0)161 237 1031
email: paul () westpoint ltd uk
web: www.westpoint.ltd.uk

For help using this (nmap-dev) mailing list, send a blank email to nmap-dev-help () insecure org . List archive: http://seclists.org

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]