The Ethical Hacker Network - Port Scan from random Source IP's

Latest Additions

Who's Online

EH-Net News Feeds

Latest Additions

EH-Net > Ethical Hacking Discussions and Related Certifications > Network Pen Testing (Moderator: don) > Port Scan from random Source IP's

Pages: [1] Go Down

« previous next »

	Author	Topic: Port Scan from random Source IP's (Read 2354 times)
0 Members and 1 Guest are viewing this topic.

scuccii

Newbie

Offline

Posts: 17

Port Scan from random Source IP's

« on: October 21, 2010, 09:26:06 AM »

I've read about Dynamic port scanning, but the I thought that the spoofed IP's needed to be within the same subnet? Cany anyone help me out here?

thanks


	Logged

Ketchup

Hero Member

Offline

Posts: 1006

Re: Port Scan from random Source IP's

« Reply #1 on: October 21, 2010, 09:51:00 PM »

NMAP has a variety of spoofing and IDS evasion options available. They are very well documented here:

http://nmap.org/book/man-bypass-firewalls-ids.html

In general, if you want to spoof an IP address, you have to have control of that address in order for you to get a reply. This is just due to the design of the TCP/IP protocol suite. You don't always care if the spoofed packets come back to you. Sometimes, you just want to flood the IDS with a bunch of random sources masking the actual port scan. A really stupid IDS will make it difficult for the operator to detect your port scan.


	Logged

~~~~~~~~~~~~~~
Ketchup

tturner

Sr. Member

Offline

Posts: 329

Re: Port Scan from random Source IP's

« Reply #2 on: October 22, 2010, 08:33:06 AM »

Idle scanning is useful for detection evasion. You don't actually need to receive the replies from your scans as long as you've identified a nice quiet host to spoof and you don't have to control that address either, but you will need access to it.

http://nmap.org/book/idlescan.html


	Logged

Certifications:
CISSP, CISA, GPEN, GWAPT, GAWN, GCIA, GSEC, OPSE, CSWAE, VCP

Next 6 months: GCIH, CSTP, STI MSISE

hell_razor

Jr. Member

Offline

Posts: 83

Re: Port Scan from random Source IP's

« Reply #3 on: October 22, 2010, 09:56:43 AM »

tturner - why do you need access to the idle host? I think you just need to have an open tcp port to use for the idle scan to increment the IP ID, but you don't need anything further. Or did I misunderstand and you meant access as being such?


	Logged

A+, Network+, Server+, CISSP, GSEC, GCIH, GPEN, GCIA, GISP, GCFW

dante

Jr. Member

Offline

Posts: 58

Re: Port Scan from random Source IP's

« Reply #4 on: October 22, 2010, 10:05:47 AM »

By "access" i guess tturner meant network access to the idle host... Otherwise the change in the sequence no cannot be realized by the attacking host..


	Logged

tturner

Sr. Member

Offline

Posts: 329

Re: Port Scan from random Source IP's

« Reply #5 on: October 22, 2010, 10:35:12 AM »

I mean network access. Meaning you can't target a host behind a NAT'd firewall and use another spoofed host on that same network unless you can directly communicate with it. You absolutely do not need any kind of privileged access.