Home page logo
/

pen-test logo Penetration Testing mailing list archives

AW: IPS Testing
From: Jörg Weber <j.weber () infoserve de>
Date: Tue, 8 Jan 2008 17:59:37 +0100

Well,

I have achieved this by configuring a Linux iptables Gateway for me.

you essentially found out how NAT works. Like, how Source NAT works. Or masquerading. It has nothing to do with IP 
source address spoofing, and just as Alexander Klimov explained, spoofing source IPs with TCP sessions is hard these 
days.

Try to read up on the topic first. Like, how it's been done back then: http://www.gulker.com/ra/hack/tsattack.html

Good luck!

Joerg

-----Ursprüngliche Nachricht-----
Von: listbounce () securityfocus com [mailto:listbounce () securityfocus com] Im
Auftrag von pentestr
Gesendet: Samstag, 5. Januar 2008 09:35
An: Pentest Mailinglist
Betreff: Re: IPS Testing

Hi,

I have achieved this by configuring a Linux iptables Gateway for me.
With following configuration. I can run nessus in one of my systems and
that will go through this gateway and the packet will show it is coming
from the Spoofed IP.

echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERAD
iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED
-j ACCEPT
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
iptables -t nat -I POSTROUTING -o eth0 -j SNAT --to <spoofed IP>

Discussion/suggestion/advices/etc are welcome.
Regards.
PenTestr.


Hi,

I am doing a PT for a customer and found that after running nessus
against the target our IP is getting blocked permanently. I want to show
this issue to the customer.
1. Is there any specific tool that can generate nessus traffic by
spoofing IPs?
2. Is there any tool that can change IP on the fly? While running nessus
that should change source IP?

The server have only port 80 Open.

Thank you.
Regards.
PenTestr.

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault