Home page logo
/

nmap-dev logo Nmap Development mailing list archives

Re: Zombie Test Flag
From: "Ron (list)" <ron () skullsecurity net>
Date: Fri, 27 Jun 2008 09:38:47 -0500

Hey James,

James Stephenson wrote:
I had an idea for a useful feature. Please excuse if such a feature 
already exists but I didn't see it. In short I think it would be useful 
for there to be a flag specifically to check if a system is a likely 
candidate to be useful as a zombie system. 

That's a cool idea for a flag, I don't think it exists right now. You 
can, however, use hping3 to do that (I shortened the lines for brevity):

bash-3.1$ sudo hping3 -S -p 135 10.100.254.141
HPING 10.100.254.141 (eth0 10.100.254.141): S set
len=46 ip=10.100.254.141 ttl=128 id=30834 ...
len=46 ip=10.100.254.141 ttl=128 id=30835 ...
len=46 ip=10.100.254.141 ttl=128 id=30839 ...
len=46 ip=10.100.254.141 ttl=128 id=30848 ...
len=46 ip=10.100.254.141 ttl=128 id=30857 ...
len=46 ip=10.100.254.141 ttl=128 id=30862 ...

Note the id column -- that'll tell you whether or not it's a likely 
candidate by whether or not it's incrementing, and if it's incrementing 
by one. I was using Terminal Services on that system while I did that 
test, to ensure it woudl jump by a lot.

Hope that helps!

Ron

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org


  By Date           By Thread  

Current thread:
  • Zombie Test Flag James Stephenson (Jun 27)
    • Re: Zombie Test Flag Ron (list) (Jun 27)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault