Friday, August 6, 2004

Scanning with hping, spoofing through a zombie host

Post by antirez

The Players:


host A - evil host, the attacker.
host B - silent host.
host C - victim host.


- Confirm that host B is idle: with -r hping prints each IP id relative to the previous reply, and on a truly silent host the id increments only because of our own packets (+1 per reply).
#hping B -r
HPING B (eth0 xxx.yyy.zzz.jjj): no flags are set, 40 data bytes
60 bytes from xxx.yyy.zzz.jjj: flags=RA seq=0 ttl=64 id=41660 win=0 time=1.2 ms
60 bytes from xxx.yyy.zzz.jjj: flags=RA seq=1 ttl=64 id=+1 win=0 time=75 ms
60 bytes from xxx.yyy.zzz.jjj: flags=RA seq=2 ttl=64 id=+1 win=0 time=91 ms
60 bytes from xxx.yyy.zzz.jjj: flags=RA seq=3 ttl=64 id=+1 win=0 time=90 ms
60 bytes from xxx.yyy.zzz.jjj: flags=RA seq=4 ttl=64 id=+1 win=0 time=91 ms
60 bytes from xxx.yyy.zzz.jjj: flags=RA seq=5 ttl=64 id=+1 win=0 time=87 ms

- Send SYN packets to C spoofed as coming from B, while watching B's ids in the other window:
#hping C -a B -S

If the probed port on C is open, C answers B with a SYN/ACK, B replies with a RST, and the id in the first window jumps by +2 per probe. If the port is closed or filtered, B receives a RST (or nothing) and sends nothing back, so the increment stays at +1.
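The interpretation of the two windows above, as an added example that is not part of antirez's post or of hping itself: it parses hping -r output, checks that the zombie is idle before the scan, and then classifies a burst of relative ids while the spoofed SYNs are in flight. The sample outputs are constructed (address 10.0.0.2 is made up), and the classification assumes both hping instances run at hping's default rate of one packet per second, so that each id sample in the first window covers exactly one of our spoofed probes.

```python
import re
from typing import List

# Constructed sample of `hping B -r` output before the scan (not a real capture).
IDLE_CHECK = """\
HPING B (eth0 10.0.0.2): no flags are set, 40 data bytes
60 bytes from 10.0.0.2: flags=RA seq=0 ttl=64 id=41660 win=0 time=1.2 ms
60 bytes from 10.0.0.2: flags=RA seq=1 ttl=64 id=+1 win=0 time=75 ms
60 bytes from 10.0.0.2: flags=RA seq=2 ttl=64 id=+1 win=0 time=91 ms
60 bytes from 10.0.0.2: flags=RA seq=3 ttl=64 id=+1 win=0 time=90 ms
"""

# Constructed samples of the same window while `hping C -a B -S -p <port>` runs
# in the other terminal (assumption: both hping instances at 1 packet/second).
DURING_SCAN_OPEN = """\
60 bytes from 10.0.0.2: flags=RA seq=4 ttl=64 id=+2 win=0 time=88 ms
60 bytes from 10.0.0.2: flags=RA seq=5 ttl=64 id=+2 win=0 time=90 ms
60 bytes from 10.0.0.2: flags=RA seq=6 ttl=64 id=+2 win=0 time=89 ms
"""
DURING_SCAN_CLOSED = """\
60 bytes from 10.0.0.2: flags=RA seq=4 ttl=64 id=+1 win=0 time=88 ms
60 bytes from 10.0.0.2: flags=RA seq=5 ttl=64 id=+1 win=0 time=90 ms
60 bytes from 10.0.0.2: flags=RA seq=6 ttl=64 id=+1 win=0 time=89 ms
"""
# A zombie that is talking to someone else makes the result unusable.
DURING_SCAN_NOISY = """\
60 bytes from 10.0.0.2: flags=RA seq=4 ttl=64 id=+2 win=0 time=88 ms
60 bytes from 10.0.0.2: flags=RA seq=5 ttl=64 id=+7 win=0 time=90 ms
60 bytes from 10.0.0.2: flags=RA seq=6 ttl=64 id=+3 win=0 time=89 ms
"""

# hping -r prints the first id in absolute form (id=41660) and every later one
# relative to the previous reply (id=+N); only the relative ones carry the signal.
REL_ID = re.compile(r"\bid=\+(\d+)\b")


def id_increments(output: str) -> List[int]:
    """Extract the relative id increments from hping -r output."""
    return [int(m.group(1))
            for m in (REL_ID.search(line) for line in output.splitlines())
            if m]


def is_idle(output: str) -> bool:
    """True when every increment is exactly +1, i.e. only our probes touch B."""
    incs = id_increments(output)
    return bool(incs) and all(i == 1 for i in incs)


def classify(increment: int) -> str:
    """Meaning of one id sample taken while spoofed SYNs go B -> C."""
    if increment == 1:
        return "closed|filtered"   # only our own probe to B consumed an id
    if increment == 2:
        return "open"              # B also sent a RST in reply to C's SYN/ACK
    return "noisy"                 # B sent other traffic; sample is unusable


def port_state(output: str) -> str:
    """Verdict for the probed port on C from a burst of samples."""
    verdicts = [classify(i) for i in id_increments(output)]
    if not verdicts:
        return "no-data"
    if "noisy" in verdicts:
        return "noisy"
    # Majority vote so a single stray sample does not flip the result.
    return max(set(verdicts), key=verdicts.count)


if __name__ == "__main__":
    print("zombie idle before scan:", is_idle(IDLE_CHECK))
    for name, sample in (("open", DURING_SCAN_OPEN),
                         ("closed", DURING_SCAN_CLOSED),
                         ("noisy", DURING_SCAN_NOISY)):
        print(f"{name:>6}: {port_state(sample)}")
```

The idle check has to pass first; if B ever shows an increment other than +1 while nobody is scanning through it, the later +2 readings cannot be attributed to C's SYN/ACKs and the zombie should be discarded.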

--------------------------
nmap supports this with -sI (the idle scan, taking the zombie host as its argument)