[Openvas-devel] openvasd -S option

Chandrashekhar B bchandra at secpod.com
Fri Sep 4 16:56:09 CEST 2009


-----Original Message-----
From: openvas-devel-bounces at wald.intevation.org
[mailto:openvas-devel-bounces at wald.intevation.org] On Behalf Of Tim Brown
Sent: Friday, September 04, 2009 8:12 PM
To: openvas-devel at wald.intevation.org
Cc: 'Jan-Oliver Wagner'
Subject: Re: [Openvas-devel] openvasd -S option

On Friday 04 September 2009 15:35:57 Geoff Galitz wrote:
>> Changing the source IP is frequently used for IDS evasion and spoofing
the
>> address of another system or network to get around firewall rules.
>> Typically the spoofing does not work so well with TCP connections, but is
>> more effective with UDP scans.  If the scanner was on the same local
>> network as the target the TCP spoofed scan would stand a better chance of
>> success (since the MAC address would still be intact).
>>
>> I think it would be useful to retain this feature.  It is good for
auditing
>> firewall and IDS systems.

> Also useful it you have a multi homed machine and want to force traffic
down a 
> specific interface irrespective of routes.


This looks to be the real purpose!

Chandra. 



More information about the Openvas-devel mailing list