In reference to my tutorial below, i showed how Metasploit is used to find potential zombies (idle machines)
http://securityg33k.blogspot.sg/2013/05/nmap-metasploit-finding-zombie.html
But NMAP does have the ability to find zombie machine as well,
#nmap -Pn -n --scanflags SYNACK 192.168.71.164 -p 80 --packet_trace
The ID=240 is where we will be focusing.
So re-run the scan again and look at the ID and in this case its incremental id=240 + 1 = id=241. When it is incremental +1, it means this system is a potential zombie!!!
No comments:
Post a Comment