Try compiling it this way:

-gcc -o 1258 1258.c

let me know what you get

Can you type the command you entered when compiling, also what was the exact error output you got? paste please 

refer http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,5456.msg28488/topicseen,1/

also http://www.ethicalhacker.net/component/option,com_smf/Itemid,54/topic,4295.0/

zeroflaw.. sorry to hear that, failing leads to success, you will get it sooner or later . I am planning to join OSCP sometime this year, even though i've seen scary reviews all around about the exam. (this is not one of them :p)

A few questions to who ever took this course, do they teach you python or C? I am trying to improve my programming skills in Assembly (also memory mapping) + C before entering the OSCP, that actually helped me understanding Buffer Overflow concepts, do you guys have to program or something during the exam?

Cheers!

The word you're looking for is "Anonymity", beside of what you have mentioned, there are various other techniques: (HTTP Proxies, VPNs, SSH Tunneling...etc). For me, I would look at it like this; there are different techniques, each is suitable for a certain situation, ignoring the fact that whether those are old or modern techniques, it does not really matter as long as you accomplish your goal.

          There is no doubt that information gathering is one of the topics that hackers are most required to master, this is constituted of active and passive scanning. It is believed that active scanning is an essential factor for a successful penetration testing project. While this is extremely powerful, it is also complex. Hackers choose between different scanning techniques depending on the situation they are facing when mapping the network. Moreover, hackers are mostly concerned about their identity exposition during this process. However, there are several techniques that have been developed to avoid this, one of the most significant methods is idle scanning, and it is considered as one of the stealthiest scan types, idle scanning can also expose targets through a trusted host. So what is idle scanning? How does it hide the attacker’s IP? And how is it performed?

          Idle scan is the process of detecting a target’s ports and running services through an idle host using spoofed IP address technique along with the observation of the ID IP (identification IP) changes. This procedure is carried out successfully with the help of Source Address spoofing and Identification detecting in the IP header. To understand this concept, the IP header will be examined, along with the Identification and the Source Address fields and how they can be exploited in order to perform the idle scan.

          This will be shown by analysing a simple SYN scan type first, followed by an idle scan, a SYN scan is known as a half open connection, the attacker will firstly send a SYN packet using a scanning tool (example: NMAP, hping2..etc) to the target as shown below.


Next, a SYN/ACK packet is sent back to the attacker.
          

Lastly, the attacker will end the connection with a RST packet (RST flag= 1).

         
         This scan type will obviously expose the attacker’s IP address to the target. Now let us see how the idle scan differs from the SYN scan. The first step of performing an idle scan is to find an idle host, speaking of which, what is an idle host? A host that is online and is not currently receiving or transmitting packets, for example, if you left your laptop on while taking a shower, at that time, your computer is at the risk of being an idle host, thus, taking the blame for a filthy scan attack! What are the reasons behind this?

Step one-Finding an Idle host:

          It is possible to determine whether or not the host is idle by analysing its Identification field in the IP header.                              




Hang on, what is the purpose of the identification field? It mostly contributes to the fragments implementation; this is accomplished by incrementing the ID IP’s (Identification) internal counter by 1 every time a datagram is sent over a network in order to avoid the confusions of datagram fragments. The operation system however is in charge of this. So, a host that increment by 1 is idle, this can be examined and caused by the Attacker as shown below:


Target’s ID IP (Identification IP) value = 1234, this is before the Attacker sends interacts with the Target (no packets are sent).


Target’s ID IP (Identification IP) value = 1235? Nope, it’s still 1234, the Target did not send packets yet!

                     
Target’s ID IP (Identification IP) value = 1235! The Target sent a packet, so its ID IP has incremented by 1.


          This process is repeated couple of times to ensure that the Target’s ID IP is incremented by 1 (1235) every time a packet is sent, the value 1235 then is then placed in the identification field of the IP Header, Thus, an increase in the ID IP by 1 means that the host sent a packet (in this situation the Target is sending a packet back to the Attacker). When repeating this process for a second time the ID IP of the target will turn to 1236, and so on. In contrast, no change in ID IP simply means no packets were sent, also, an increment of different values (example: +2 +6 +3..etc) just means that the host is not idle; it is receiving more than one packet at a time, therefore not suitable to be used as an idle host.

Testing identification tracing of an idle host in a lab:

                    Now a real example is performed using Hping2 tool, for this lab, the Attacker machine is Backtrack 5, idle host machine however is Windows7, and finally Ubuntu is used as the main target. The aim here is to trace the ID IP of the RST packet that is coming from the idle host to Attacker.

   
Hosts IPs on this example:
                                Idle host (Windows7)   = 192.168.1.10
                                Target (Ubuntu)          =  192.168.1.14

One way to do this is to use the command:

hping2 –S [IP] (in this situation the [IP] is the windows7 host)
•   -S; sets the SYN flag up.


It can be clearly seen how the ID IP is incrementing by 1, from 19695 to 19706 (11 packets), thus, this host can be used as a Zombie (the term Zombie is often referred to the idle host). After “Identification IP” is analysed in theory and practice, it’s time to move on to the next step.


Step two-Attacking the target through the idle host:

          Now it is possible to scan the target through the idle host founded, for the purpose of hiding our own IP address. Although there is another powerful advantage of this development discussed later on. As mentioned before, “Source Address” is another factor that contributes to a successful idle scan beside Identification IP, the goal here is to scan the target using the idle host’s IP address (IP Spoofing).

Firstly, observations of the idle host’s ID IP need to be noted, so, by first typing the corresponding command as mentioned before:

hping2 –S [Idle host IP]

While this command is running on the idle host, a spoofed SYN packet needs to be sent to the target using a specific port that we are interested in (the idle host's IP is spoofed). to test this, run the command:

hping2 –a [idle host IP] –S –p 23 [Target’s IP] –c 1
•   -a; spoof source address.
•   -p; destination port.
•   -c; packet count (to control how many packets are sent).

In other words, what we are really trying to do is recording the idle host’s ID IP, while sending a group of spoofed SYN packets to the target at the same time, remember the main goal is to determine the status of a port on the target without exposing the attacker’s IP address, Graph.3 shows this process:


Next, if the port we are examining (23 in this case) exists on the Target, the Target will respond to the idle Host with a SYN/ACK packet as shown in Graph.4
 

Note that until this stage, the idle host’s ID IP is increasing by one every time a RST packet is sent to the Attacker. From Graph.4 the idle host received an unexpected SYN/ACK packet from Target, Graph.5 shows how the idle host deals with this situation.


As it can be seen in Graph.5, a RST is sent to the Target as well to the Attacker, this will cause the ID IP of the idle host to increase by 2 (4114), and thus, an increase by two indicates that the port we are testing is open, what would happen if the port is closed? You guessed it right! the idle host in most cases will receive a RST packet, as a result the ID IP of the idle host will continue to increase by 1 only, in addition, if the port is filtered, the target will not send any packets back to the idle host, hence, ID IP will have +1 increase.

The analysis shown in Graph3, Graph4, and Graph.5 will be summarized and shown in action. After the idle host is founded by the steps mentioned earlier, the ID IP of the idle host is noted, and at the same time a spoofed packet is sent to the target, the following results are the outcomes of two commands:

hping2 –S [Idle host IP]
hping2 –a [idle host IP] –S –p 23 [Target’s IP] –c 1


By looking at the id field in the graph, it can be concluded that the port 23 is open in the Target host, the id field (ID IP of idle host) is increasing by 1 from 29957 to 29961, then it is incremented by two in the next packet's ID IP (29963), note that 29962 is missing because two RST packets are sent from the idle host to both Attacker and Target.

In conclusion, this scan type can have a huge effect when it comes to stealth scanning. Additionally, this is not the only advantage of this scan type, as it can be also used to identify a host, through a trusted host (example: printer to a server or a workstation). However, this tactic is blocked sometimes by firewalls, and a few of new Linux operation systems, yet evading those is still possible, the next tutorial will discuss how firewalls, and trusted hosts are included in idle scanning.

This reminds me of the question: "How do I become a good engineer?

Hey there newbie,


There is no such thing called "The best best and east way to learn", it all depends on you and what you are comfortable with. However the most common method is to grab a book that you like, study and EXERCISE, reading and understating a topic in java, will get you nowhere unless you practice the content and keep coding for hours, beside books, there are some free tutorials online.
Having no programming experience, will not make the job easier especially when it comes to java, but trust me once you get the concept of java, learning other programming languages will be alot easier.



The guys who made java are the best to get certified from, "Sun Java Certification" another good one is provided by Oracle, bear in mind, being certified in java, doesn't mean you can solve real problems in real world, the best certification you can get is called "experience".


I haven’t had experience learning java from institutes, sorry can't help you with that, although you might want to visit oracle's website I heard they do some java courses online.


For a beginner, I would say start with the book: "Head First Java, 2nd Edition by Kathy Sierra and Bert Bates", if you had some very basic experience I would recommend "Big Java", but do not start with Big Java as it does not provide any solutions to the exercises in book.

Lastly, have fun  

Regards

PS: If you needed help on any Java topic PM me I'd be happy to help.

What is you router manufacturer/model?

ISP should reset your password by your request at no charge! even if you lost it more than once, I never heard of an ISP that charges or send a technician only to reset the password, it could be done over the phone.

I've gone through some topics of CCNA book + TCP/IP Illustrated, they mainly focus on theory while this book focus on how to set up a network lab and experiment on it, that is why it brought my attention.

Hi

Trying to get more practice on networks, why everyone going straight to security/penetration testing related books when there are other subjects that would introduce great deals for pentesters, I'm thinking about buying this book, any one read it? its more a practical book includes steps for setting your own network lab, also provides exercises.

"TCP/IP Essentials: A Lab-Based Approach"
http://www.amazon.com/TCP-IP-Essentials-Lab-Based-Approach/dp/052160124X/ref=sr_1_7?ie=UTF8&qid=1339305260&sr=8-7


Thanks

TCP/IP Illustrated is the bible of TCP/IP, it goes depth in details, reading this book is not like reading any other one, you will never regret buying it, IMO its a must have book for every one who is interested in networks for beginners/pros.

That line cracked me up

Welcome to the "white hats" forum