Re: Tool for sending malicious traffic to destination system



Hey Ravi,

Hope you got the basic idea: you need a tool like
scapy for packet-crafting attacks; you can't do much
with nmap for packet crafting, even though you're
mentioning a new word now... spoofing with nmap is
possible using the -S option. Basically, stop using
automated tools like Nessus for a penetration test.

Nessus is recommended if you're on a pen-test with a
considerable number of machines. I've seen a lot of
people misunderstand this and use Nessus in web
pen-tests with all options enabled (SQL injection
checks and other relevant checks are enough).

If you want to check what device is sitting in between
you and the target, do some network device testing
using tools like yersinia or fragroute. You can of
course use scapy very well, provided you know some
Python scripting.

There's a considerable number of things that must be
in place to get things right. For now I'll conclude by
saying "don't use Nessus" for one or two hosts; use
other tools like amap, nmap and firewalk in
conjunction with Nessus, or use them inside Nessus
(results or just the tool itself).

There's a book on Nessus called Nessus Network
Auditing, from Syngress; alternatively you can read
their documentation. If your goal is to spoof, just
spoof; don't scan with Nessus or Nmap.

If you're in doubt, refer to the nmap documentation
here about Firewall / IDS evasion.
http://insecure.org/nmap/man/man-bypass-firewalls-ids.html

Cheers :)
Kish
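What the reply above describes in words (send a probe whose IP source is not your own, the way `nmap -S` and `nmap -D` do, and watch whether the customer's IPS blocks those addresses) is shown here as an added example; it is not code from anyone in this thread. Kish recommends scapy, and scapy would do this in one line, but the block below builds the IPv4 and TCP headers by hand with Python's `struct` and raw sockets so the mechanics are visible and nothing beyond the standard library is needed. All addresses are constructed from the RFC 5737 documentation ranges, and every function name is mine.

```python
"""
Decoy SYN probes with a spoofed IPv4 source, the way `nmap -D` / `-S` do it,
built by hand (no scapy dependency). Added example for this thread; not code
from any of the posters. Sending needs root/CAP_NET_RAW; building and
verifying the packets runs anywhere.
"""
import random
import socket
import struct


def checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement sum over 16-bit words (0 means 'verifies')."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(src: str, dst: str, payload_len: int, ident: int) -> bytes:
    """20-byte IPv4 header, no options, DF set, TTL 64, checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s",
                      (4 << 4) | 5, 0, 20 + payload_len, ident, 0x4000,  # DF flag
                      64, socket.IPPROTO_TCP, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]


def build_tcp_syn(src: str, dst: str, sport: int, dport: int, seq: int) -> bytes:
    """20-byte TCP header, SYN only, no options; checksum over the pseudo-header."""
    hdr = struct.pack("!HHIIHHHH", sport, dport, seq, 0, (5 << 12) | 0x02, 1024, 0, 0)
    pseudo = struct.pack("!4s4sBBH", socket.inet_aton(src), socket.inet_aton(dst),
                         0, socket.IPPROTO_TCP, len(hdr))
    csum = checksum(pseudo + hdr) or 0xFFFF  # TCP sends an all-zero result as 0xFFFF
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:]


def build_decoy_syns(real_src: str, target: str, dport: int, decoys, seed=None):
    """One SYN per source; the real address is shuffled in among the decoys,
    which is what nmap -D does. Returns [(source_ip, raw_packet_bytes), ...]."""
    rng = random.Random(seed)
    sources = list(decoys) + [real_src]
    rng.shuffle(sources)
    packets = []
    for src in sources:
        tcp = build_tcp_syn(src, target, rng.randint(32768, 60999), dport, rng.getrandbits(32))
        packets.append((src, build_ipv4_header(src, target, len(tcp), rng.getrandbits(16)) + tcp))
    return packets


def parse_and_verify(packet: bytes):
    """Re-check both checksums; return (src, dst, sport, dport, flags) or None.
    This is the same check the target's stack performs before acting on the SYN."""
    if len(packet) < 40 or checksum(packet[:20]) != 0:
        return None
    ver_ihl, _, total_len, _, _, _, proto, _, src, dst = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    seg = packet[(ver_ihl & 0x0F) * 4:total_len]
    pseudo = struct.pack("!4s4sBBH", src, dst, 0, proto, len(seg))
    if checksum(pseudo + seg) != 0:
        return None
    sport, dport, _, _, doff_flags = struct.unpack("!HHIIH", seg[:14])
    return socket.inet_ntoa(src), socket.inet_ntoa(dst), sport, dport, doff_flags & 0x1FF


def send_raw(packets, target: str) -> None:
    """Hand the finished headers to the kernel unchanged (IP_HDRINCL). Root only."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_RAW)
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_HDRINCL, 1)
    try:
        for _, pkt in packets:
            sock.sendto(pkt, (target, 0))
    finally:
        sock.close()


if __name__ == "__main__":
    # Constructed addresses (RFC 5737 documentation ranges), not a real engagement.
    pkts = build_decoy_syns("192.0.2.10", "198.51.100.20", 80,
                            ["203.0.113.5", "203.0.113.6"], seed=1)
    for src, pkt in pkts:
        print(src, len(pkt), parse_and_verify(pkt))
    # send_raw(pkts, "198.51.100.20")   # only as root, only against an authorised target
```

The scapy one-liner for the same probe is `send(IP(src=decoy, dst=target)/TCP(dport=80, flags="S"))`. Two things to keep in mind when using this to make Ravi's point about auto-blocking IPSs: any reply goes to the spoofed source, so the probe itself tells you nothing, and you confirm the block from the customer's IPS console or by testing reachability from the decoy address afterwards; and networks that implement BCP 38 egress filtering drop packets whose source is not theirs, so spoofed probes usually have to be sent from inside the segment. The SYN above carries no TCP options, which a real OS stack always sets, so it is trivially fingerprintable as crafted.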

--- Rolando Ruiz <jayro2809@xxxxxxxxx> wrote:

Would bouncing the scan off a, say, FTP server do what
you want it to? All you're looking to do is make it
seem as if it's coming from another host, right?

On Dec 31, 2007 12:29 AM, Ravi <whitehaat@xxxxxxxxx> wrote:


Hi Kish & list,

I'm kinda looking to do a decoy scan with traffic
similar to Nessus. I understand I can't do decoy
scanning with Nessus. So if there is a tool that could
send malicious traffic like Nessus to my target, that
would be it!!! I'm basically trying to test a network
that blocks my IP when I scan with Nessus. I want to
prove to the customer that I can spoof a source IP that
would be blocked by your IPS, leading to a DoS issue.

Thanks.

Kish Pent wrote:
Hey,

You must define what you mean by malicious traffic
before crafting it; based on that, the tool can be
selected. Your aim is to send malformed packets, which
in other words you're trying to interpret as malicious
traffic. By the way, nmap is no example of sending
malicious traffic. Scapy is a very good packet
crafting tool, and it can be used for subsequent
port-scanning, protocol analysis, and best of all,
it's just THE tool for packets. (It can do what hping
can do for you; it can do what nmap, unicornscan or
some other tools can do for you.)

You might also want to check out the www.secdev.org
website. Philippe Biondi from EADS has written the
tool, and given some excellent docs and ppt(s) out
there.

Cheers :)
Kish

--- Ravi <whitehaat@xxxxxxxxx> wrote:

Hi guys...

Can anybody help me in finding a tool like
'nmap -D (decoy)' which can send some malicious
content to a system...

Thanks & Regards,

Whitehaat


------------------------------------------------------------------------

--
Kishore, Penetration Tester,
17/1,Upstairs,Sarojini St,
Smart Security, T.Nagar,
Chennai - 600 017

Phone: 91 98841 80767
