Idle Scanning with Nmap and Metasploit

Idle scanning is a blind port scan: no packet reaches the target from our own IP address. Instead, the probes are sent with the spoofed source address of another host on the network (the "zombie"), and the target's responses are inferred from changes in that host's IP ID counter. This makes the scan stealthy and lets us discover IP-based trust relationships between machines, since the target sees the scan as coming from the zombie.

To achieve this type of scan we first need to locate a host that is idle on the network, that is, one that sends little traffic of its own and whose IP ID counter increases by a predictable step. Metasploit contains the module scanner/ip/ipidseq, which probes hosts for exactly this property and reports the IP ID class of each one. Run it from msfconsole, pressing Enter after each command:

use auxiliary/scanner/ip/ipidseq
set RHOSTS 192.168.238.0/24
set THREADS 50
run

Hosts reported with an incremental IP ID sequence are the candidate zombies.

To scan host 192.168.1.100, for example, using the zombie PC at 192.168.1.200, we use nmap:

nmap -PN -sI 192.168.238.200 192.168.238.100
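The ipidseq step above works because some hosts hand out IP IDs from a simple counter. The following is an added example, not code from Nmap, Metasploit or the original post, that approximates the IP ID sequence classes those tools report; it is meant for auditing which of your own hosts expose a predictable counter (the fix is to enable IP ID randomization in their network stack). The thresholds MAX_INCREMENT and RANDOM_JUMP and the sample sequences are assumptions.

```python
# Added example, not code from Nmap, Metasploit or the original post: approximates
# the IP ID sequence classes that Nmap's ipidseq probe and scanner/ip/ipidseq
# report, to audit which of your own hosts expose a predictable IP ID counter.
from typing import List

MAX_INCREMENT = 5    # assumed: largest step still treated as an idle, incremental counter
RANDOM_JUMP = 20000  # assumed: a single step this large marks a randomized counter

def _diffs(ids: List[int]) -> List[int]:
    """Successive differences modulo 2^16 (IP ID is a 16-bit field)."""
    return [(b - a) % 65536 for a, b in zip(ids, ids[1:])]

def _byteswap(value: int) -> int:
    """Swap the two bytes of a 16-bit IP ID (some stacks count little-endian)."""
    return ((value & 0xFF) << 8) | ((value >> 8) & 0xFF)

def classify_ipid(ids: List[int]) -> str:
    """Label a list of IP ID values observed in reply order."""
    if len(ids) < 3:
        return "Unknown"
    if all(i == 0 for i in ids):
        return "All zeros"
    diffs = _diffs(ids)
    if all(d == 0 for d in diffs):
        return "Constant"
    if all(1 <= d <= MAX_INCREMENT for d in diffs):
        return "Incremental"
    if all(1 <= d <= MAX_INCREMENT for d in _diffs([_byteswap(i) for i in ids])):
        return "Broken little-endian incremental"
    if any(d >= RANDOM_JUMP for d in diffs):
        return "Randomized"
    return "Random positive increments"

def is_predictable(ids: List[int]) -> bool:
    """True for the counter types an idle scan depends on; fix these hosts by
    enabling IP ID randomization in their network stack."""
    return classify_ipid(ids) in ("Incremental", "Broken little-endian incremental")

if __name__ == "__main__":
    samples = {  # constructed values, not real captures
        "idle host": [4411, 4412, 4413, 4414],
        "byte-swapped counter": [256, 512, 768, 1024],
        "busy host": [100, 150, 220, 300],
        "randomized stack": [1234, 40000, 5, 60000],
    }
    for name, seq in samples.items():
        print(f"{name:22s} {classify_ipid(seq):34s} predictable={is_predictable(seq)}")
```

Feed it the IP ID values read from a few replies of a host you administer; only hosts that come back as predictable are the ones that could serve as a zombie and need their stack's IP ID randomization turned on.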

This post is part of my article about Metasploit, which was originally published in PenTest Magazine, August issue.
