Home page logo
/

pen-test logo Penetration Testing mailing list archives

RE: Tool for sending malicious traffic to destination system
From: "John Forristel (SunGard-Chico)" <John.Forristel () sungardbi-tech com>
Date: Wed, 2 Jan 2008 06:39:18 -0800

If I understand the problem, you need to gather information from a
remote machine without tripping the IPS.  Or change your scanner to not
trip the IPS.

The first method takes me back a while, so I had to look it up.  It
would require finding a machine that returned packet with sequential
numbers.  Most these days are random, or random enough where it makes no
difference.  The method is found at
http://insecure.org/nmap/idlescan.html

The other way is to slow your scans enough where the IPS server won't
trigger and block your packets.  In NMAP, you can do this by setting the
-t option to 2, 1, or 0 to slow its down.  Of course, this take a lot
more time, but it is patience that counts in the pentest game.  

Personally, I use Nessus in conjunction with NMAP.  I use a setting of
-t2 and let it go on the subnet.  This can take a couple of days, but
who cares.  I never schedule a pentest without three weeks of time,
minimum.  Once I can look at what it open/filtered/closed, I tailor the
Nessus session to look at the particular services, not just slam the
whole thing.  I set Nessus to scan one target at a time (the default it
4).  I use Metasploit with the same methodology.  Metasploit is more
granular, and the proof is far more convincing to a client.

However, if you goal is to send malformed packets only, Scapy is the
tool you are looking for, NMAP doesn't do that.

John



-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Ravi
Sent: Sunday, December 30, 2007 9:29 PM
To: kish_pent () yahoo com; pen-test
Subject: Re: Tool for sending malicious traffic to destination system


Hi Kish & list,

I'm kinda looking to do a decoy scanning with traffic similar to Nessus.

I understand I can't do decoy scanning with Nessus. So if there is a 
tool that could send malicious traffic like Nessus to my target that 
would be it!!! I'm basically trying to test a network that blocks my IP 
when I scan with Nessus. I want to prove to customer that I can spoof a 
source IP that would be blocked by your IPS leading to a DoS issue.

Thax.

Kish Pent wrote:
Hey ,

You must define what you mean by malicious traffic
before crafting it, based on which the tool can be
selected. Your aim is to send malformed packets which
in other words you're trying to interpret as malicious
 traffic. By the way, nmap is no example for sending
malicious traffic. Scapy is a very good packet
crafting tool, and it can be used for subsequent
port-scanning, protocol analysis, and best of all,
it's just THE tool for packets. (it can do what hping
can do for you, it can do what nmap,unicornscan or
some other tools can do for you)

You might also want to check out the www.secdev.org
website, Philippe Biondi from EADS has written the
tool, and given some excellent docs and ppt(s) out
there.

Cheers :)
Kish

--- Ravi <whitehaat () gmail com> wrote:

  
Hi guys...

Can anybody help me in finding a tool like 'nmap-(-D
decoy)' which can 
send some malicious content  to a system...



Thanks & Regards,

Whitehaat




    

------------------------------------------------------------------------
  
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE
today!

http://www.cenzic.com/downloads

    

------------------------------------------------------------------------
  
    


--
Kishore, Penetration Tester,
17/1,Upstairs,Sarojini St,
Smart Security, T.Nagar, 
Chennai - 600 017




------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]