[Openvas-devel] openvasd -S option

Tim Brown timb at openvas.org
Fri Sep 4 16:42:15 CEST 2009


On Friday 04 September 2009 15:35:57 Geoff Galitz wrote:
> Changing the source IP is frequently used for IDS evasion and spoofing the
> address of another system or network to get around firewall rules.
> Typically the spoofing does not work so well with TCP connections, but is
> more effective with UDP scans.  If the scanner was on the same local
> network as the target the TCP spoofed scan would stand a better chance of
> success (since the MAC address would still be intact).
>
> I think it would be useful to retain this feature.  It is good for auditing
> firewall and IDS systems.

Also useful it you have a multi homed machine and want to force traffic down a 
specific interface irrespective of routes.

Tim
-- 
Tim Brown
<mailto:timb at openvas.org>
<http://www.openvas.org/>


More information about the Openvas-devel mailing list