TOPIC: Idle Machines and Spoofed Scans

Idle Machines and Spoofed Scans 12 years 3 weeks ago #5332

  • dchri
or Idle Host Scanning.

What this means exactly is that someone is using one machine's IP addy (the Idle machine) to scan the target computer for open services.

This is needed because while he is spoofing his address as the Idle machine's address and sending SYN packets to his target, he will be sending SYN packets as well to the Idle machine to monitor its IP ID numbers. It is through the monitoring of said numbers that he will know if the target machine has open services or not.

When a machine is idle, and you send SYN packets to it, the IP ID numbers will normally go up in a predictable sequence. If the sequence varies, it is because the host is now active (not idle).

By this I mean that the target machine will send a SYN/ACK to the Idle computer. The Idle machine will respond with an ACK packet. This communication between the two will cause the IP ID numbers to change from their predictable sequence, thus indicating to the attacker/scanner that the spoofed (Idle) machine has found an open port. All this is done without exposing himself to the target machine.

If you have a machine which is running no services and is firewalled, this will not work. If you have services running but not used a lot, then this may or may not work.

Don't be an Idle machine for use by the Black Hats.
"The distance between genius and insanity is measured only by success." --
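
Seen from the defender's side, whether a host can serve as the idle machine described in the post above depends on how it assigns IP ID values. The following is an added example, not part of the original post: it classifies a sequence of IP IDs observed in a host's replies and shows how a shared incremental counter leaks the number of packets sent to other hosts. The function names are illustrative and all sample values are constructed.

```python
MOD = 1 << 16  # the IPv4 Identification field is 16 bits and wraps around


def deltas(ip_ids):
    """Differences between consecutive IP IDs, corrected for 16-bit wraparound."""
    return [(b - a) % MOD for a, b in zip(ip_ids, ip_ids[1:])]


def swap16(value):
    """Swap the two bytes of a 16-bit value (some stacks count in little-endian order)."""
    return ((value & 0xFF) << 8) | (value >> 8)


def classify(ip_ids, max_step=16):
    """Classify IP ID assignment from IDs seen in replies to evenly spaced probes.

    'incremental' results mean the host is usable as an idle-scan relay;
    'constant' and 'unpredictable' mean it is not.
    """
    if len(ip_ids) < 4:
        raise ValueError("need at least 4 samples")
    if all(d == 0 for d in deltas(ip_ids)):
        return "constant"
    if all(0 < d <= max_step for d in deltas(ip_ids)):
        return "incremental"
    if all(0 < d <= max_step for d in deltas([swap16(v) for v in ip_ids])):
        return "incremental (byte-swapped)"
    return "unpredictable"


def leaked_activity(ip_ids):
    """For a shared incremental counter: packets sent to other hosts between replies.

    Each reply to the observer consumes one ID, so anything above 1 is other traffic.
    """
    return [d - 1 for d in deltas(ip_ids)]


# Constructed samples: IP IDs taken from successive replies of four hypothetical hosts.
IDLE_HOST = [65533, 65534, 65535, 0, 1, 2]      # shared counter, wraps at 65535
ACTIVE_HOST = [1000, 1001, 1003, 1004, 1006]    # shared counter, other traffic interleaved
RANDOMIZED = [41231, 977, 60012, 23345, 5120]   # per-packet random IDs
LITTLE_ENDIAN = [0x0100, 0x0200, 0x0300, 0x0400]

if __name__ == "__main__":
    for name in ("IDLE_HOST", "ACTIVE_HOST", "RANDOMIZED", "LITTLE_ENDIAN"):
        print(f"{name:14} {classify(globals()[name])}")
    print("leak on ACTIVE_HOST:", leaked_activity(ACTIVE_HOST))
```

A host that classifies as "incremental" exposes its outbound packet count to anyone who can elicit replies from it; randomized or per-connection IP IDs, or dropping unsolicited probes at a firewall, remove that signal.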

Re: Idle Machines and Spoofed Scans 12 years 3 weeks ago #5338

  • sahirh
A very valid post.. however these days bouncing a scan is not that critical since most admins ignore scans altogether...

nmap's idle scan feature is absolute genius.. I bow to Fyodor!

Sahir Hidayatullah. Staff - Associate Editor & Security Advisor