So you can, for example, connect to the HTTP port and then use identd to find out whether the server is running as root. This can only be done with a full TCP connection to the target port (i.e., the -sT scanning option). When -I is used, the remote host's identd is queried for each open port found. Obviously, this will not work if the host is not running identd.

Appendix B: Tool Syntax (continued)
Chapter 3, Ping

-f This option causes the requested SYN, FIN, XMAS, or NULL scan to use tiny fragmented IP packets. The idea is to split up the TCP header over several packets to make it harder for packet filters, intrusion detection systems, and other annoyances to detect what you are doing. Be careful with this! Some programs have trouble handling these tiny packets. My favorite sniffer segmentation faulted immediately upon receiving the first 36-byte fragment. After that comes a 24-byte one! While this method will not get by packet filters and firewalls that queue all IP fragments (such as the CONFIG_IP_ALWAYS_DEFRAG option in the Linux kernel), some networks cannot afford the performance hit this causes and thus leave it disabled. Note that I do not yet have this option working on all systems. It works fine for my Linux, FreeBSD, and OpenBSD boxes and some people have reported success with other *NIX variants.

-v Verbose mode. This is a highly recommended option and it gives out more information about what is going on.