Re: IPID sequencability class is: All zeros (Nmap Idle Scan with zombiehost)

On Sat, 8 Dec 2007 22:54:17 +0000, infolookup@xxxxxxxxx wrote:
Not to pretend to be gay but I think you are better off going to the author's
website, there is also a mailing list just for the app.


As stated in the Nmap Idle Scan documentation:

"The first step is to find an appropriate zombie host. The host should not have much traffic (hence the name Idle Scan) and should offer predictable IPID values. Printers, Windows boxes, older Linux hosts, FreeBSD, and Mac OS boxes generally work fine. The latest versions of Linux, Solaris, and OpenBSD are immune as zombies, but any host can be a target of the scan. One way to determine host vulnerability is to simply try an Nmap Idle scan. Nmap will test the zombie and report whether it is reliable."

So I assume Nmap is saying to you that the zombie chosen is protected against an idle scan which, almost ten years after the technique was released, seems to be finally patched on Windows. Yeha!


echo "dpefsAgmv{p/psh" | perl -pe 's/(.)/chr(ord($1)-1)/ge'
GnuPG key ID 0x6D2FF8B5 @
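
An added example, not part of the original message and not Nmap's own code: a simplified classifier for IP ID values collected from consecutive replies of one host, useful for auditing whether your own hosts still expose a predictable counter. The function names, class labels other than "all zeros", the `max_step` threshold and the sample values are assumptions made for illustration.

```python
from typing import List

MOD = 1 << 16  # the IPv4 Identification field is 16 bits wide


def _small_steps(values: List[int], max_step: int) -> bool:
    # Differences are taken modulo 2^16 so a counter wrapping 65535 -> 0
    # still counts as a small positive step.
    return all(1 <= (b - a) % MOD <= max_step for a, b in zip(values, values[1:]))


def classify_ipid(samples: List[int], max_step: int = 10) -> str:
    """Classify IP ID values taken from consecutive replies of one host.

    max_step is an assumed tolerance for unrelated traffic between probes.
    """
    if len(samples) < 3:
        raise ValueError("need at least three samples")
    if any(not 0 <= s < MOD for s in samples):
        raise ValueError("IP ID values must fit in 16 bits")
    if all(s == 0 for s in samples):
        return "all zeros"          # the class reported in this thread
    if len(set(samples)) == 1:
        return "constant"
    if _small_steps(samples, max_step):
        return "incremental"
    # Some stacks increment the counter in host byte order and never swap it,
    # so the counter only looks sequential after swapping the two bytes.
    swapped = [((s & 0xFF) << 8) | (s >> 8) for s in samples]
    if _small_steps(swapped, max_step):
        return "byte-swapped incremental"
    return "randomized or busy"


def leaks_predictable_ipid(samples: List[int]) -> bool:
    """True when the host exposes a shared, guessable IP ID counter."""
    return classify_ipid(samples) in ("incremental", "byte-swapped incremental")


if __name__ == "__main__":
    # Constructed sample sequences, one per class.
    constructed = {
        "patched host": [0, 0, 0, 0, 0, 0],
        "old printer": [4021, 4022, 4023, 4025, 4026],
        "counter wrap": [65534, 65535, 0, 1],
        "no byte swap": [256, 512, 768, 1024],
        "random ids": [51234, 1200, 33001, 47, 60000],
    }
    for name, ids in constructed.items():
        print(f"{name:13} {classify_ipid(ids):26} predictable={leaks_predictable_ipid(ids)}")
```

A host that classifies as "all zeros" or "randomized or busy" gives an observer no usable counter, which is why Nmap rejects it as a zombie.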