
Mark D. Spivey

"Practical Hacking Techniques and Countermeasures"

X, Ultrix, VAX, and VxWorks. See the nmap-hackers mailing list archive for a full list.

-sR RPC scan  This method works in combination with the various port scan methods of nmap. It takes all the TCP/UDP ports found open and then floods them with SunRPC program NULL commands in an attempt to determine whether they are RPC ports.
Appendix B: Tool Syntax  685

Chapter      Tool Syntax
Chapter 3 (continued)
Ping -b FTP bounce attack  An interesting "feature" of the FTP protocol (RFC 959) is support for proxy FTP connections. In other words, I should be able to connect from evil.com to the FTP server of target.com and request that the server send a file anywhere on the Internet! Now this may have worked well in 1985 when the RFC was written. But in today's Internet, we cannot have people hijacking FTP servers and requesting that data be spit out to arbitrary points on the Internet. As Hobbit wrote back in 1995, this protocol flaw "can be used to post virtually untraceable mail and news, hammer on servers at various sites, fill up disks, try to hop firewalls, and generally be annoying and hard to track down at the same time." What we will exploit this for is to scan TCP ports from a proxy FTP server. Thus you could connect to an FTP server behind a firewall, and then scan ports that are more likely to be blocked (139 is a good one). If the FTP server allows reading from and writing to some directory (such as /incoming), you can send arbitrary data to ports that you do find open (nmap does not do this for you, though).
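The server-side countermeasure to the bounce technique described above, written here as an added example (it is not code from the book or from nmap): decode each PORT command and refuse or alert when the requested data-connection address is not the client's own address, or the requested port is privileged, which is the check RFC 2577 recommends. The log format ("<timestamp> <client_ip> <command>") and all addresses are constructed for the example.

```python
import re

# FTP PORT argument is h1,h2,h3,h4,p1,p2 (RFC 959); the data port is p1*256 + p2.
PORT_RE = re.compile(r"^PORT\s+(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\s*$")

def parse_port_command(cmd):
    """Decode a PORT command into (ip, port); return None if it is malformed."""
    m = PORT_RE.match(cmd)
    if m is None:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return None
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def check_port_command(client_ip, cmd):
    """Return (target_ip, target_port, reason) when the PORT request should be
    refused or alerted on, else None."""
    parsed = parse_port_command(cmd)
    if parsed is None:
        return ("?", 0, "malformed PORT argument")
    ip, port = parsed
    reasons = []
    if ip != client_ip:  # server asked to open a data connection to a third party
        reasons.append("third-party address (possible FTP bounce)")
    if port < 1024:      # RFC 2577 also advises refusing privileged target ports
        reasons.append("privileged port")
    return (ip, port, "; ".join(reasons)) if reasons else None

# Constructed control-channel log lines: "<timestamp> <client_ip> <command>"
SAMPLE_LOG = [
    "2024-05-01T10:00:00 203.0.113.5 PORT 203,0,113,5,4,1",   # normal active-mode transfer
    "2024-05-01T10:00:01 203.0.113.5 PORT 10,0,0,7,0,139",    # data connection to another host
    "2024-05-01T10:00:02 203.0.113.5 PORT 203,0,113,5,0,25",  # client's own IP, but port 25
    "2024-05-01T10:00:03 203.0.113.5 PORT 300,1,1,1,0,1",     # octet out of range
    "2024-05-01T10:00:04 203.0.113.5 RETR notes.txt",         # not a PORT command, ignored
]

def scan_log(lines):
    """Run the PORT check over log lines; return (client_ip, target_ip, port, reason) tuples."""
    findings = []
    for line in lines:
        _ts, client_ip, cmd = line.split(maxsplit=2)
        if cmd.startswith("PORT"):
            result = check_port_command(client_ip, cmd)
            if result is not None:
                findings.append((client_ip,) + result)
    return findings
```

Running `scan_log(SAMPLE_LOG)` flags the second, third and fourth lines; the first line is an ordinary active-mode transfer back to the client on port 1025 and passes.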

