[Openvas-devel] openvasd -S option
Chandrashekhar B
bchandra at secpod.com
Fri Sep 4 16:56:09 CEST 2009
-----Original Message-----
From: openvas-devel-bounces at wald.intevation.org
[mailto:openvas-devel-bounces at wald.intevation.org] On Behalf Of Tim Brown
Sent: Friday, September 04, 2009 8:12 PM
To: openvas-devel at wald.intevation.org
Cc: 'Jan-Oliver Wagner'
Subject: Re: [Openvas-devel] openvasd -S option
On Friday 04 September 2009 15:35:57 Geoff Galitz wrote:
>> Changing the source IP is frequently used for IDS evasion and spoofing the
>> address of another system or network to get around firewall rules.
>> Typically the spoofing does not work so well with TCP connections, but is
>> more effective with UDP scans. If the scanner was on the same local
>> network as the target the TCP spoofed scan would stand a better chance of
>> success (since the MAC address would still be intact).
>>
>> I think it would be useful to retain this feature. It is good for auditing
>> firewall and IDS systems.
> Also useful if you have a multi-homed machine and want to force traffic down a
> specific interface irrespective of routes.
This looks to be the real purpose!
Chandra.