[zd1211-devs] Question regarding nmap's idle scan technique/spoofed ip packets

[C.S: <har...@ya...>]

Hi folks,
i was wondering, why i get ouput like the following
--------------/cut here/--------------
root@playground:/# nmap -vv -sI www.google.com www.yahoo.com
WARNING: Many people use -P0 w/Idlescan to prevent pings from their true 
IP.  On the other hand, timing info Nmap gains from pings can allow for 
faster, more reliable scans.

Starting Nmap 4.02Alpha2 ( http://www.insecure.org/nmap/ ) at 2006-03-17 
10:35 CET
DNS resolution of 1 IPs took 0.22s. Mode: Async [#: 1, OK: 1, NX: 0, DR: 
0, SF: 0, TR: 1, CN: 0]
sendto in send_ip_packet: sendto(5, packet, 44, 0, 66.249.93.99, 16) => 
Operation not permitted
sendto in send_ip_packet: sendto(5, packet, 44, 0, 66.249.93.99, 16) => 
Operation not permitted
sendto in send_ip_packet: sendto(5, packet, 44, 0, 66.249.93.99, 16) => 
Operation not permitted
sendto in send_ip_packet: sendto(5, packet, 44, 0, 66.249.93.99, 16) => 
Operation not permitted
sendto in send_ip_packet: sendto(5, packet, 44, 0, 66.249.93.99, 16) => 
Operation not permitted
sendto in send_ip_packet: sendto(5, packet, 44, 0, 66.249.93.99, 16) => 
Operation not permitted
Idlescan zombie www.google.com (66.249.93.99) port 80 cannot be used 
because it has not returned any of our probes -- perhaps it is down or 
firewalled.
QUITTING!
--------------/cut here/--------------
As you can see, using the idle scan technique with nmap's latest 
release, gets me some "operation not permitted" errors. I used 
google.com to show, that this is not an error related to to host. I just 
wanted to know, if this error is driver related, or kernel related. I 
even played with hping(2,3) which also gets me some 'operation not 
permitted' when it comes to spoofed ip packets. I am using the r48 
driver which works best for my x86_64 system, and the kernel ver 2.6.15 
(with ck5 patchset).

	
		
___________________________________________________________ 
Telefonate ohne weitere Kosten vom PC zum PC: http://messenger.yahoo.de