Penetration Testing: Re: Idle (Witness) Scanning

Re: Idle (Witness) Scanning

From: Filipe Jorge Marques de Almeida <filipe_at_rnl.ist.utl.pt>
Date: Fri, 3 May 2002 03:16:48 +0100

On Sat, Apr 27, 2002 at 11:52:54AM +0300, Evrim ULU wrote:
> So, is there a way to identify open and close(filtered) ports inside
> nat? or w2k assigns different id numbers for different ether interfaces?

Yes there is, but not by using SYN scanning because there will always be a
reply to the SYN (either SYN/ACK or RST).
Try sending FINs instead of SYNs to the host. If the port is closed the id
should increment by 512, and by 256 if it's open.

--
Filipe Almeida
aka LiquidK
Received on May 05 2002