Traditionally, a port scan with a spoofed source IP has been considered unreliable because the reply packets never reach the scanning system. The Dynamic Port Scanner (DPS) technique makes such a spoofed scan reliable. The spoofed source IP is generated dynamically at run time and varies for every scan packet, so each scan packet carries a random spoofed source IP. DPS achieves this by integrating ARP poisoning into port scanning. The spoofed IP addresses used by DPS during a scan fall within the range of the local subnet, so DPS is best suited for internal scanning.
There are three methods an attacker can use to spoof the source IP of the scanning machine and/or to divert the attention of system and security administrators: Normal Spoofing Scan, Decoy Scan, and Distributed Scan.
While the other methods are still commonly seen, a distributed scan works by dividing the scanning scope among multiple attack platforms. In that case, each attack platform performs a normal scan for a small range of port numbers. Although this is not a 100% spoofing mechanism, it increases the overhead for the system administrator on the other side who is trying to trace back the attacker (e.g. there could be hundreds of originating IPs). Furthermore, those originating IPs could belong to compromised hosts.
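For defenders, both the per-packet source rotation of DPS and the split port ranges of a distributed scan defeat alert rules keyed on the source address. The following is an added example, not code from the original post or from the DPS tool: it compares a per-source rule with a per-target rule over a constructed SYN log, and the tuple format, window and thresholds are assumptions chosen for illustration.

```python
from collections import defaultdict

# Constructed sample of inbound TCP SYNs: (timestamp_s, src_ip, dst_ip, dst_port).
# 10.0.0.50 is probed on 40 ports, each from a different local source address;
# 10.0.0.7 sweeps 30 ports on 10.0.0.60 alone; 10.0.0.9 is ordinary client traffic.
def build_sample():
    events = [(i * 0.5, f"10.0.0.{100 + i}", "10.0.0.50", 1000 + i) for i in range(40)]
    events += [(i * 0.5, "10.0.0.7", "10.0.0.60", 20 + i) for i in range(30)]
    events += [(float(i), "10.0.0.9", "10.0.0.80", 443) for i in range(25)]
    return events

def per_source_alerts(events, port_threshold=20):
    """Classic rule: one source touching many ports on one target."""
    ports = defaultdict(set)
    for _, src, dst, dport in events:
        ports[(src, dst)].add(dport)
    return sorted(k for k, v in ports.items() if len(v) >= port_threshold)

def per_target_alerts(events, window_s=60.0, port_threshold=20):
    """Source-agnostic rule: many distinct ports probed on one target
    inside a sliding time window, whoever the packets claim to come from."""
    by_dst = defaultdict(list)
    for ts, src, dst, dport in sorted(events):
        by_dst[dst].append((ts, src, dport))
    alerts = {}
    for dst, rows in by_dst.items():
        start = 0
        for end in range(len(rows)):
            # Slide the left edge so the window never exceeds window_s seconds.
            while rows[end][0] - rows[start][0] > window_s:
                start += 1
            window = rows[start:end + 1]
            ports = {p for _, _, p in window}
            if len(ports) >= port_threshold:
                best = alerts.get(dst, {"ports": 0})
                if len(ports) > best["ports"]:
                    # Keep the widest sweep seen; the source count helps triage.
                    alerts[dst] = {"ports": len(ports),
                                   "sources": len({s for _, s, _ in window})}
    return alerts

if __name__ == "__main__":
    sample = build_sample()
    print("per-source:", per_source_alerts(sample))
    for dst, info in sorted(per_target_alerts(sample).items()):
        print("per-target:", dst, info)
```

A per-target alert whose source count is close to its port count is the pattern to triage first, since ordinary clients rarely spread one port each across dozens of local addresses.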