[Openvas-devel] openvasd -S option
bchandra at secpod.com
Fri Sep 4 16:55:18 CEST 2009
Spoofing or packet forgery is seperately implemneted in NASL. Targets
auditing is done using those functions. -S option is for the server. I am
not able to realize the need for server to spoof.
Jan: Can you point to some links from google?
From: openvas-devel-bounces at wald.intevation.org
[mailto:openvas-devel-bounces at wald.intevation.org] On Behalf Of Geoff Galitz
Sent: Friday, September 04, 2009 8:06 PM
To: 'Jan-Oliver Wagner'; openvas-devel at wald.intevation.org
Subject: Re: [Openvas-devel] openvasd -S option
Changing the source IP is frequently used for IDS evasion and spoofing the
address of another system or network to get around firewall rules.
Typically the spoofing does not work so well with TCP connections, but is
more effective with UDP scans. If the scanner was on the same local network
as the target the TCP spoofed scan would stand a better chance of success
(since the MAC address would still be intact).
I think it would be useful to retain this feature. It is good for auditing
firewall and IDS systems.
Blankenheim NRW, Germany
> -----Original Message-----
> though I never used this option, I am not convinced this
> is not needed at all. Various special cases seem to need it,
> google says.
Openvas-devel mailing list
Openvas-devel at wald.intevation.org
More information about the Openvas-devel