Re: Zombie Test Flag
From: "Ron (list)" <ron () skullsecurity net>
Date: Fri, 27 Jun 2008 09:38:47 -0500
James Stephenson wrote:
> I had an idea for a useful feature. Please excuse if such a feature
> already exists but I didn't see it. In short I think it would be useful
> for there to be a flag specifically to check if a system is a likely
> candidate to be useful as a zombie system.
That's a cool idea for a flag, I don't think it exists right now. You
can, however, use hping3 to do that (I shortened the lines for brevity):
bash-3.1$ sudo hping3 -S -p 135 10.100.254.141
HPING 10.100.254.141 (eth0 10.100.254.141): S set
len=46 ip=10.100.254.141 ttl=128 id=30834 ...
len=46 ip=10.100.254.141 ttl=128 id=30835 ...
len=46 ip=10.100.254.141 ttl=128 id=30839 ...
len=46 ip=10.100.254.141 ttl=128 id=30848 ...
len=46 ip=10.100.254.141 ttl=128 id=30857 ...
len=46 ip=10.100.254.141 ttl=128 id=30862 ...
Note the id column -- that'll tell you whether or not it's a likely
candidate by whether or not it's incrementing, and if it's incrementing
by one. I was using Terminal Services on that system while I did that
test, to ensure it would jump by a lot.
Hope that helps!
Sent through the nmap-dev mailing list
Archived at http://SecLists.Org
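Added example (not part of the message above, and not Nmap or hping3 code): a small Python parser that reads the id column from hping3 output like the transcript in the reply and classifies how the host generates IP IDs, which is useful when auditing your own hosts for predictable IP ID sequences. The function names, labels and the busy_threshold value are assumptions made for this example.

```python
import re

ID_RE = re.compile(r"\bid=(\d+)\b")

# The reply lines from the transcript in the message above.
SAMPLE = """\
HPING 10.100.254.141 (eth0 10.100.254.141): S set
len=46 ip=10.100.254.141 ttl=128 id=30834 ...
len=46 ip=10.100.254.141 ttl=128 id=30835 ...
len=46 ip=10.100.254.141 ttl=128 id=30839 ...
len=46 ip=10.100.254.141 ttl=128 id=30848 ...
len=46 ip=10.100.254.141 ttl=128 id=30857 ...
len=46 ip=10.100.254.141 ttl=128 id=30862 ...
"""

def parse_ip_ids(hping_output):
    """Return the IP ID of every reply line, in the order received."""
    ids = []
    for line in hping_output.splitlines():
        match = ID_RE.search(line)
        if match:
            ids.append(int(match.group(1)))
    return ids

def id_deltas(ids):
    """Step between consecutive IDs, modulo 2**16 because the field wraps."""
    return [(b - a) % 65536 for a, b in zip(ids, ids[1:])]

def classify(ids, busy_threshold=1000):
    """Label the sequence. busy_threshold is an assumed cut-off, not a standard."""
    deltas = id_deltas(ids)
    if len(deltas) < 3:
        return "insufficient data"
    if all(d == 0 for d in deltas):
        return "constant"            # e.g. the ID is always zero
    if all(d == 1 for d in deltas):
        return "incremental, idle"   # global counter, no other traffic seen
    if all(0 < d < busy_threshold for d in deltas):
        return "incremental, busy"   # global counter, host is sending other packets
    return "not sequential"          # randomized or per-connection IDs

if __name__ == "__main__":
    ids = parse_ip_ids(SAMPLE)
    print(id_deltas(ids), classify(ids))
```

On the transcript above the steps are uneven but small, which matches the remark that the host was busy with a Terminal Services session during the test.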