As a bit of background for the -sI option take a look at the following URL: http://www.sans.org/infosecFAQ/audit/hping2.htm
I have been using hping to do Idle Scans for a while now and if the conditions are right it can work very well. I have also been using the -sI option in nmap since it was first introduced and it also works very well if the conditions are right.

-----Original Message-----
From: Paul Schmelzel [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, November 20, 2001 9:18 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: Using Nmap to send Spoofed packets

You can use the decoy option (-D ). Read the man pages on nmap for more information. A side note is that you might also want to look at the -sI option for a truly blind scan. I have never used the latter so I can't give details.

>From: [EMAIL PROTECTED]
>Reply-To: [EMAIL PROTECTED]
>To: [EMAIL PROTECTED]
>Subject: Using Nmap to send Spoofed packets
>Date: Tue, 20 Nov 2001 14:35:08 +0800
>
>Hey people,
>
>I read an article at http://www.sans.org/top20.htm that said that on top of
>the portscanning abilities of nmap, it also has the functionality to "send
>decoy packets or spoofed packets to test for" spoofed IP filtering (at the
>routers and firewall).
>
>Although I have used Nmap for the obvious, I am interested in how to
>execute this functionality to test for, or if the anti-spoofing ACL/FW
>drop filters are in place for internal, reserved, multicast, and RFC1918
>addresses.
>
>Any help appreciated... :)
>
>Regards,
>Nick
