Electronic Books

The ??“D 24.213.28.234 option instructs nmap to use this IP address as
a decoy against the target to attempt to throw anyone off that may be
reviewing the logs, IDS sensors, and so forth
*Note: The ?????“p 139??? in the example above can be any port but normally is a port
known to be open on the target so many times port 53 or 80 is used.
Also, with the ??“D option the attacker can enter several decoy IP addresses
separated by a comma (24.24.24.24, 24.24.24.25 ??¦) but keep in mind the real
IP address will also traverse to the target as well. This supports using more
decoy IPs or spoofing your IP address altogether (spoofing is covered in
Chapter 6).
Target Enumeration
113
The operating system guess will now take place.
From a sniffer (sniffers are covered in Chapter 5) we can validate from the
target that the decoy IP address was sent to the target.
In this example the target has been identified as:

Running Microsoft Windows 95/98/ME/NT/2K or XP
Also notice that the MAC address of the target has been identified; and
that the target is a VMware computer.
The nmapFE application acts as a front end for nmap and provides the
user a ???windowed??? environment.
114
Practical Hacking Techniques and Countermeasures
Follow the previous instructions to compile and create the nmap executable.
The nmapFE application should be created during this process as well.
From a Linux terminal in the directory containing the nmapFE executable,
type the following:
nmapfe
The nmapFE application will start.


Pages:
45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69