I just read this example and explanation (below) in the O'Reilly book Security Power Tools (2007), in section 6.3, which is written by the creator of Scapy, Philippe Biondi. I think the example is very interesting, but I don't understand what it is saying. Can someone clarify this goldmine of info he is referring to?
Here is another example of a tool interpreting a situation:
#nmap 192.168.9.3
Interesting ports on 192.168.9.3:
PORT STATE SERVICE
22/tcp filtered ssh
"Nmap says that the port is filtered, but this answer has been triggered by a host unreachable ICMP error sent by the last router. In this context, the ICMP message has been interpreted as 'The packet has been blocked on its way to the target', while it should have been interpreted as 'The packet was to be delivered, but the target was not reachable'. This situation typically occurs when a port is allowed to pass on a whole IP network block while not all IP addresses are used. This is a gold mine of information when you want to set up a backdoor, but if you trust your tool, not only will you miss the gold, but you’ll also lose the whole mine because Nmap makes you wrongly assume no backdoor can be implanted there." Security Power Tools (2007)
Side note: Why no http://ift.tt/15OmJ3w "tag" for Scapy?
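The distinction the quoted passage draws, as an added example that is not from the book or from the post above: reading the ICMP code and sender of a destination-unreachable message shows whether a filter refused the probe or the last-hop router forwarded it and found no host, which is what tells a firewall reviewer that a rule passes the port to unused addresses. The function names, the sample bytes and the addresses 192.168.1.10, 192.168.9.1 and 10.0.0.1 are constructed for illustration.

```python
import socket
import struct

# ICMP type 3 (destination unreachable) codes from RFC 792 / RFC 1812.
ADMIN_PROHIBITED = {9, 10, 13}  # a filter explicitly refused the packet
HOST_UNREACHABLE = 1            # routing worked; the last hop found no host


def build_icmp_unreachable(code, probe_dst, dport):
    """Constructed sample: ICMP type 3 message quoting the probe's
    IP header plus the first 8 bytes of its TCP header."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton("192.168.1.10"),  # assumed scanner address
                     socket.inet_aton(probe_dst))
    tcp = struct.pack("!HHI", 40000, dport, 0)  # sport, dport, seq
    return struct.pack("!BBHI", 3, code, 0, 0) + ip + tcp


def interpret(icmp, icmp_src):
    """Return (quoted_dst, dport, meaning) for a destination-unreachable message."""
    icmp_type, code = icmp[0], icmp[1]
    if icmp_type != 3:
        raise ValueError("not a destination-unreachable message")
    quoted = icmp[8:]                    # skip the 8-byte ICMP header
    ihl = (quoted[0] & 0x0F) * 4         # length of the quoted IP header
    dst = socket.inet_ntoa(quoted[16:20])
    dport = struct.unpack("!H", quoted[ihl + 2:ihl + 4])[0]
    if code in ADMIN_PROHIBITED:
        meaning = "blocked by a filter"
    elif code == HOST_UNREACHABLE and icmp_src != dst:
        # A hint, not proof: a filter can also be configured to reject
        # with code 1, so check which device actually sent the error.
        meaning = "forwarded to the last hop, but no host at this address"
    else:
        meaning = "other unreachable condition"
    return dst, dport, meaning


if __name__ == "__main__":
    msg = build_icmp_unreachable(1, "192.168.9.3", 22)
    print(interpret(msg, "192.168.9.1"))  # error sent by the last router
```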