Download
1 / 3
30 likes | 124 Views
The Idlescan technique offers unparalleled stealth in Nmap scanning by exploiting predictable fragmentation behaviors of certain operating systems. It involves using a "zombie" to mask the scanner's identity and leveraging IPID numbers to analyze target responses. This technique uncovers IP-based trust relationships without directly sending packets to the target, making it a powerful tool for network investigation. The zombie must meet specific criteria to successfully execute the scan, ensuring reliable results. Discover the potential of Idlescan for discreet network analysis and security assessments.
E N D
-sI Idlescan • Greatest stealth of any nmap scan - Completely “blind” scanning - no packets are sent to target from machine running nmap • Investigate IP-based trust relationships of target network
Idlescan technique • Exploits OS’s that predictably increment their fragmentation ID numbers (IPID) whenever they send a packet • Zombie used to mask the original source of the scan must have this property - excludes OpenBSD, Solaris, recent Linux • A Zombie candidate must also be “idle” - no network traffic during scan other than communication with nmap machine - nmap will rely on IPID number of zombie to determine how the target has responded to the zombie with respect to the forged portscan • Zombie must be susceptible to responding to SYN/ACK packet with a RST packet which nmap derives the IPID from • Nmap automatically tests reliability of zombie
