
Penetration Testing mailing list archives

Re: IPS Testing
From: "José M. Palazón Romero" <josem.palazon () gmail com>
Date: Mon, 14 Jan 2008 21:30:26 +0000


> I am doing a PT for a customer and found that after running nessus
> against the target our IP is getting blocked permanently. I want to show
> this issue to the customer.
> 1. Is there any specific tool that can generate nessus traffic by
> spoofing IPs?
> 2. Is there any tool that can change IP on the fly? While running nessus
> that should change source IP?
>
> The server has only port 80 open.
>
> Thank you.

You can spoof your IP, and your client would be anonymously attacked, but you wouldn't have any results from nessus. You should be the one behind the faked IP to get the answers from the server, but keep in mind that if you fake to a single IP, that will be blocked too.

I would suggest restarting your attack (from another IP if you are really permanently blocked), configuring nessus (or any other scanner you are planning to use) to space out your probes in time. Space them out a lot, minutes; you are not supposed to be in any hurry, so just let the scanner gently do its job and gather the results 24 or 48 hours later.

BTW, if you are concluding that the only open port is 80 based on your scans, consider that you are being blocked after the first few tries, so in case that there are more open ports, you wouldn't know it.

BTW 2, at least you already have one thing for your report, your client is vulnerable to a total DoS via a simple decoy scan.
