In order to scan a network, we have to bypass the firewall or IDS systems. However, I found that the old techniques of nmap/P0f do not work most of the time with the strong and new firewalls or IDS. My question: is there a way to craft fragmented packets with certain time delays that can bypass these obstacles and do not trigger any alarms?
I have been using the usual scanning technique/fragmentation, but want to improve it so as to be able to customize special bypassing packets.
6 Responses
Try using hping3.
I tried something like this: hping3 192.168.0.10 --tcp --spoof 192.168.1.150
Any other suggestions?
hping3 has many, many options including fragmentation. The approach is going to be dependent upon the firewall.
I'm not sure why you spoofed the IP. If you got through the firewall, the response is going back to the spoofed IP.
Most IDS and firewalls have a time threshold. If you slow down the scan, you can often get past them.
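The "time threshold" point above is easiest to see from the detection side. The following is an added example, not code from the thread or from hping3: a small sliding-window port-scan detector run over constructed flow records (timestamp, source, destination, port, fragmented flag). The data, the `Flow` record layout and the thresholds are assumptions made for the illustration. It shows why a detector keyed to a short window misses a probe-every-30-seconds scan, and how widening the window (at the cost of memory per source) catches it, while fragmented traffic is counted per source as a separate signal.

```python
"""Sliding-window port-scan detector over constructed flow records (added example)."""
from collections import defaultdict, deque
from datetime import datetime, timedelta
from typing import Dict, List, NamedTuple, Set


class Flow(NamedTuple):
    """One observed packet/flow summary (assumed record layout, not a real log format)."""
    ts: datetime
    src: str
    dst: str
    dport: int
    fragmented: bool  # True if the packet had the MF bit set or a non-zero fragment offset


def build_sample_flows() -> List[Flow]:
    """Constructed sample data, not taken from any real capture.

    - 10.0.0.5: fast scan, 20 ports within about 4 seconds
    - 10.0.0.9: slow scan, 20 ports at one probe every 30 seconds, all fragmented
    - 10.0.0.7: benign client touching three services
    """
    t0 = datetime(2024, 1, 1, 10, 0, 0)
    flows: List[Flow] = []
    for i in range(20):
        flows.append(Flow(t0 + timedelta(milliseconds=200 * i), "10.0.0.5", "192.168.1.20", 1 + i, False))
    for i in range(20):
        flows.append(Flow(t0 + timedelta(seconds=30 * i), "10.0.0.9", "192.168.1.20", 1 + i, True))
    for port in (80, 443, 22):
        flows.append(Flow(t0 + timedelta(seconds=5), "10.0.0.7", "192.168.1.20", port, False))
    flows.sort(key=lambda f: f.ts)
    return flows


def detect_port_scans(flows: List[Flow], window_seconds: float, threshold: int) -> Set[str]:
    """Flag a source once it has touched `threshold` distinct ports within `window_seconds`.

    Records must be in timestamp order. Each source keeps only the records that fall
    inside the current window, so memory per source is bounded by its rate times the window.
    """
    window = timedelta(seconds=window_seconds)
    recent: Dict[str, deque] = defaultdict(deque)  # src -> deque of (ts, dport)
    flagged: Set[str] = set()
    for f in flows:
        q = recent[f.src]
        q.append((f.ts, f.dport))
        # Drop records that have aged out of the window.
        while q and f.ts - q[0][0] > window:
            q.popleft()
        if len({p for _, p in q}) >= threshold:
            flagged.add(f.src)
    return flagged


def fragmented_sources(flows: List[Flow]) -> Dict[str, int]:
    """Count fragmented packets per source; unusual fragmentation is its own review signal."""
    counts: Dict[str, int] = defaultdict(int)
    for f in flows:
        if f.fragmented:
            counts[f.src] += 1
    return dict(counts)


if __name__ == "__main__":
    data = build_sample_flows()
    print("10 s window  :", sorted(detect_port_scans(data, 10, 10)))
    print("15 min window:", sorted(detect_port_scans(data, 15 * 60, 10)))
    print("fragmented   :", fragmented_sources(data))
```

With a 10-second window only the fast scanner is flagged; with a 15-minute window the slow scanner is flagged as well, because all 20 of its probes fall inside one window. A real deployment would pair the longer window with a per-source cap on retained records so that the detector's own memory use cannot be driven up by many sources.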
Is there a way to customize the fragments and time delay in hping3?
I did get some results, but not much.
I used: hping3 --scan 1-1000 -S -f 192.168.1.20
Note: I tried different flags too (R/F).
Can you inject another IP (our IP) in each request?
Sorry, I don't speak English very well.