Home page logo

pen-test logo Penetration Testing mailing list archives

Re: IPS Testing
From: Daniel Clemens <daniel.clemens () packetninjas net>
Date: Mon, 14 Jan 2008 16:23:30 -0600

On Thu, 2008-01-03 at 14:26 +0530, pentestr wrote:


I am doing a PT for a customer and found that after running nessus against the target our IP is getting blocked permanently. I want to show this issue to the customer. 1. Is there any specific tool that can generate nessus traffic by spoofing IPs? 2. Is there any tool that can change IP on the fly? While running nessus that should change source IP?

You can spoof your ip with Nmap, or even unicornscan.
The problem is you will basically be spoofing the initial SYN request , assuming your upstream provider doesn't do ingress/egress filtering.

I want to confirm this issue of the IPS. If the IPS is blocking traffic then by spoofing other IP I can block service to them and It will become a CRITICAL issue because an attacker can spoof IP ranges and it could lead to DOS.

If your trying to prove this point you may want to spoof traffic coming from all the DNS root servers or traffic coming from and the upstream routers of your client's subnet.

-Daniel Clemens

This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]