[Openvas-devel] openvasd -S option

Chandrashekhar B bchandra at secpod.com
Fri Sep 4 16:55:18 CEST 2009


Spoofing or packet forgery is separately implemented in NASL. Target
auditing is done using those functions. The -S option is for the server. I am
not able to realize the need for the server to spoof.

Jan: Can you point to some links from Google?

Thanks,
Chandra.

-----Original Message-----
From: openvas-devel-bounces at wald.intevation.org
[mailto:openvas-devel-bounces at wald.intevation.org] On Behalf Of Geoff Galitz
Sent: Friday, September 04, 2009 8:06 PM
To: 'Jan-Oliver Wagner'; openvas-devel at wald.intevation.org
Subject: Re: [Openvas-devel] openvasd -S option



Changing the source IP is frequently used for IDS evasion and spoofing the
address of another system or network to get around firewall rules.
Typically the spoofing does not work so well with TCP connections, but is
more effective with UDP scans.  If the scanner was on the same local network
as the target the TCP spoofed scan would stand a better chance of success
(since the MAC address would still be intact).  

I think it would be useful to retain this feature.  It is good for auditing
firewall and IDS systems.

-geoff

---------------------------------
Geoff Galitz
Blankenheim NRW, Germany
http://www.galitz.org/
http://german-way.com/blog/


> -----Original Message-----
> 
> Though I never used this option, I am not convinced this
> is not needed at all. Various special cases seem to need it,
> Google says.
> 
...

_______________________________________________
Openvas-devel mailing list
Openvas-devel at wald.intevation.org
http://lists.wald.intevation.org/mailman/listinfo/openvas-devel



