Comments on: stealth techniques – syn http://www.darknet.org.uk/2007/06/stealth-techniques-syn/ Ethical Hacking, Penetration Testing & Computer Security Tue, 14 Feb 2012 00:17:07 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: backbone http://www.darknet.org.uk/2007/06/stealth-techniques-syn/#comment-59550 backbone Fri, 15 Jun 2007 09:36:46 +0000 http://www.darknet.org.uk/2007/06/stealth-techniques-syn/#comment-59550 in some cases you may be right shadow... but not everybody has an IDS/IPS... and believe me I infiltrated many hosts/website which haven't got protection at all... why waste my time? well if you didn't know darknet is based on the motto: "share your knowledge"... so then why not share it... in some cases you may be right shadow… but not everybody has an IDS/IPS… and believe me I infiltrated many hosts/website which haven’t got protection at all… why waste my time? well if you didn’t know darknet is based on the motto: “share your knowledge”… so then why not share it…

]]> By: shadow http://www.darknet.org.uk/2007/06/stealth-techniques-syn/#comment-59514 shadow Thu, 14 Jun 2007 17:54:04 +0000 http://www.darknet.org.uk/2007/06/stealth-techniques-syn/#comment-59514 Why even waste time explaining the techniques for xmas, null, and fin scans? xmas scans = pulling the IDS/IPS fire alarm. Null = another IDS/IPS fire alarm. FIN scan = not gonna bypass any firewall worth a grain of salt, unless it was developed back during the Cold War. All three should be known for historical reasons though. IMHO, the only tcp based scanning techniques worth anything are full connection scans (extremely low and slow), and idle scanning with an intelligent script that can identify enough idle zombies to guarantee reliability. Syn scans used to be worth something however a high number of syn packets with no follow up creates a telltale sign of reconnaissance activity; so if you are really trying to be sneaky you might as well just do a full connect scan so it at least appears to be normal connection attempts that suffered from some application error. On the other hand if you're not worried about stealth and just want a quick scan use a syn scan (much faster when since you don't have to wait for 3-way handshake to complete. Why even waste time explaining the techniques for xmas, null, and fin scans? xmas scans = pulling the IDS/IPS fire alarm. Null = another IDS/IPS fire alarm. FIN scan = not gonna bypass any firewall worth a grain of salt, unless it was developed back during the Cold War. All three should be known for historical reasons though. IMHO, the only tcp based scanning techniques worth anything are full connection scans (extremely low and slow), and idle scanning with an intelligent script that can identify enough idle zombies to guarantee reliability. Syn scans used to be worth something however a high number of syn packets with no follow up creates a telltale sign of reconnaissance activity; so if you are really trying to be sneaky you might as well just do a full connect scan so it at least appears to be normal connection attempts that suffered from some application error. On the other hand if you’re not worried about stealth and just want a quick scan use a syn scan (much faster when since you don’t have to wait for 3-way handshake to complete.

]]> By: s1n http://www.darknet.org.uk/2007/06/stealth-techniques-syn/#comment-59472 s1n Wed, 13 Jun 2007 12:00:00 +0000 http://www.darknet.org.uk/2007/06/stealth-techniques-syn/#comment-59472 I recommend "scapy" as can be scripted and expanded on much easier: http://www.google.co.uk/search?hl=en&q=scapy&btnG=Google+Search&meta= I recommend “scapy” as can be scripted and expanded on much easier:

http://www.google.co.uk/search?hl=en&q=scapy&btnG=Google+Search&meta=

]]> By: backbone http://www.darknet.org.uk/2007/06/stealth-techniques-syn/#comment-59434 backbone Tue, 12 Jun 2007 14:49:37 +0000 http://www.darknet.org.uk/2007/06/stealth-techniques-syn/#comment-59434 yes, i did mean waiting =)... yes, i did mean waiting =)…

]]> By: nTze http://www.darknet.org.uk/2007/06/stealth-techniques-syn/#comment-59421 nTze Tue, 12 Jun 2007 10:07:13 +0000 http://www.darknet.org.uk/2007/06/stealth-techniques-syn/#comment-59421 Thanks for that post dude, very good idea :) Btw, did you mean "waiting"? "Now for the moment we all were [[ wainting ]] for:" Thanks for that post dude, very good idea :)
Btw, did you mean “waiting”?

“Now for the moment we all were [[ wainting ]] for:”

]]>