Home page logo

nmap-dev logo Nmap Development mailing list archives

Re: Idle Scanning behind stateful firewalls
From: Paul Johnston <paul () westpoint ltd uk>
Date: Fri, 26 Mar 2004 10:40:10 +0000


For idle scan to work, SYN ACK packets from the target host must get through to the zombie. If these don't get through then the scan won't work, regardless of what packets nmap uses to probe the ipid on the zombie.


But, because nmap uses a SYN/ACK, its probes get dropped by any stateful
devices (coz they aren't part of an active connection), preventing their use
as zombies.
Paul Johnston
Internet Security Specialist
Westpoint Limited
Albion Wharf, 19 Albion Street,
Manchester, M1 5LN
Tel: +44 (0)161 237 1028
Fax: +44 (0)161 237 1031
email: paul () westpoint ltd uk
web: www.westpoint.ltd.uk

For help using this (nmap-dev) mailing list, send a blank email to nmap-dev-help () insecure org . List archive: http://seclists.org

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]