proposal of ports

Luigi Pizzirani l.pizzira at
Mon Aug 30 06:27:59 PDT 2004

Hello, my name is Luigi and I am writing to you because I would like
you to take a look at two pieces of code of mine. The first is a spoofed
portscanner that uses the IP id bug discovered by Antirez to spoof our
machine. This is an example of its use:
worklab# ./spoofscan -a -s -l 78 -h 82 -n 6 -t 300000
Stealth Scan by Luigi Pizzirani.
Warning!!! This is a stealth portscanner based on the requirements that
the host we are using for our spoof has no traffic, has not random IP id
and we have all firewalls down. Anyway, being this scanner stealth, it
is far from being 100% reliable. Enjoy it.
DISCLAIMER!!! IP SPOOFING, AS MYSELF LIABLE FOR ANY ABUSE OF THIS PROGRAM.
Id sequence relative to 564 565 566 567 568 569
It seems that host has no traffic: excellent!!!
Id sequence relative to port 78 of host via 570 571 572 573 574 575
Hmmm...looks like 78 is closed.
Id sequence relative to port 79 of host via 576 577 579 581 583 585
Hmmm...looks like 79 is OPEN.
Id sequence relative to port 80 of host via 594 595 597 599 600 602
Hmmm...looks like 80 is OPEN.
Id sequence relative to port 81 of host via 612 613 614 615 616 617
Hmmm...looks like 81 is closed.
Id sequence relative to port 82 of host via 618 619 620 621 622 623
Hmmm...looks like 82 is closed.
Ports of that look like open: 79(finger), 80(http).
worklab#

You can find a paper on it at (sorry,
it is in Italian :-( , but if you are interested I will translate it)

The second piece of code is a sort of sniffer that catches incoming ARP
requests for a gateway and answers that the gateway is itself. So if, for
example, we have a LAN with one machine having IP and default
gateway , another with , and the real gw is , this tool (installed on the gateway) sniffs
for example the ARP request "ARP who-has tell" and
replies to with "ARP reply: is-at my_mac_address" (a
sort of ARP poisoning); then it creates the alias ( is not
routable) and updates its own ARP cache with the couple by sending itself an ARP reply. This tool can be
useful, for example, if a hotel wants to offer connectivity to customers
who come with their laptop and do not have DHCP configured, but their own
IP address instead, and who don't know how to/don't want to change their LAN
parameters. With it they simply plug and go. It could be confused
with proxy ARP, but there are two fundamental differences: this one runs
in user space and, unlike proxy ARP, which works only with two subnets, this
one works with every one.

I would be very happy if you took a look at these two pieces of code and told me
your opinion and what you think about eventually making ports of

Looking forward to a reply, my best regards.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: spoofscan.c
Type: application/octet-stream
Size: 14038 bytes
Desc: not available
Url :
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sasp.c
Type: application/octet-stream
Size: 10943 bytes
Desc: not available
Url :
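The IP id technique behind spoofscan is the idle scan Antirez described: every packet the idle host (the "zombie") sends consumes one IP ID, so a spoofed SYN that makes the target answer SYN/ACK costs the zombie one extra ID (it RSTs the unexpected SYN/ACK), while a closed port's RST costs it nothing. The following is an added example, not code from the message above nor from spoofscan.c; it simulates that exchange offline and then runs the same decision rule over the five ID sequences printed in the scan output above. The hosts, addresses, open-port set and the "surplus over the window" threshold are assumptions.

```python
"""
Idle (IP ID) scan simulated offline.  Added example, not code from the
original post or from spoofscan.c.  Zombie, target, port set and threshold
are constructed; OBSERVED is copied from the scan output in the message.
"""
from dataclasses import dataclass


@dataclass
class Zombie:
    """Idle host whose IP ID counter is global and increments by one per packet sent."""
    ip: str
    next_id: int

    def _emit(self) -> int:
        ip_id = self.next_id
        self.next_id = (self.next_id + 1) & 0xFFFF   # 16-bit field wraps
        return ip_id

    def on_syn_ack(self) -> None:
        self._emit()            # unexpected SYN/ACK -> RST, one ID consumed

    def on_rst(self) -> None:
        pass                    # unexpected RST -> silently dropped, nothing sent

    def on_probe(self) -> int:
        return self._emit()     # scanner's own probe -> RST carrying the current ID


@dataclass
class Target:
    ip: str
    open_ports: frozenset

    def on_syn(self, port: int, apparent_source: Zombie) -> None:
        # The SYN is spoofed with the zombie's address, so the answer goes to the zombie.
        if port in self.open_ports:
            apparent_source.on_syn_ack()
        else:
            apparent_source.on_rst()


def baseline(zombie: Zombie, n: int) -> list:
    """IDs read from an undisturbed zombie; all +1 steps means it is really idle."""
    return [zombie.on_probe() for _ in range(n)]


def probe_port(zombie: Zombie, target: Target, port: int, n: int) -> list:
    """n rounds of: spoofed SYN (src = zombie) to target:port, then probe the zombie."""
    ids = []
    for _ in range(n):
        target.on_syn(port, zombie)      # the zombie never sees this packet
        ids.append(zombie.on_probe())    # read the counter back
    return ids


def is_idle(ids: list) -> bool:
    return all(((b - a) & 0xFFFF) == 1 for a, b in zip(ids, ids[1:]))


def classify(ids: list) -> str:
    """
    A silent zombie advances by exactly 1 per probe; each RST it sends to the
    target adds 1 more.  Timing skews single steps (in the real sequences below
    some RSTs land one probe late), so judge the surplus over the whole window.
    """
    expected = len(ids) - 1
    surplus = ((ids[-1] - ids[0]) & 0xFFFF) - expected
    if surplus <= 0:
        return "closed"
    if surplus >= expected // 2:     # assumed threshold: about one RST per probe
        return "open"
    return "unknown"                 # some traffic, but too little to trust


def idle_scan(zombie: Zombie, target: Target, ports, n: int = 6) -> dict:
    if not is_idle(baseline(zombie, n)):
        raise RuntimeError("zombie carries traffic; results would be meaningless")
    return {p: classify(probe_port(zombie, target, p, n)) for p in ports}


# Copied from the spoofscan run in the message above (ports 78-82, n=6).
OBSERVED = {
    78: [570, 571, 572, 573, 574, 575],
    79: [576, 577, 579, 581, 583, 585],
    80: [594, 595, 597, 599, 600, 602],
    81: [612, 613, 614, 615, 616, 617],
    82: [618, 619, 620, 621, 622, 623],
}


if __name__ == "__main__":
    # Constructed hosts; the addresses and open ports are assumptions.
    z = Zombie(ip="192.0.2.10", next_id=564)
    t = Target(ip="192.0.2.20", open_ports=frozenset({79, 80}))
    print(idle_scan(z, t, range(78, 83)))
    print({p: classify(ids) for p, ids in OBSERVED.items()})
```

Two things the real output above shows that the clean simulation does not: the first step of an open port's sequence is often still +1 because the zombie's RST has not been sent yet when the next probe arrives, and the counter jumps between ports (585 to 594 after port 79) because the target keeps retransmitting its SYN/ACK and the zombie keeps RSTing it. Both are reasons to decide on the whole window and to take a fresh baseline before each port, and both are why the author's own warning about reliability is well placed.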
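The ARP exchange the second tool performs, simulated offline as an added example (not code from the message above nor from sasp.c): a laptop configured for some other network broadcasts "who-has <its gateway>", the box running the tool answers "is-at <my MAC>", records the laptop's address/MAC pair in its own ARP cache (the kernel would never ARP for an off-subnet address by itself) and notes the gateway address as an alias. The MACs and addresses are constructed, and the rule "only answer for addresses outside the box's own subnets" is an assumption added here so the responder does not hijack real neighbours, which is what the same reply would do for a local address.

```python
"""
ARP "gateway is me" responder simulated offline.  Added example, not code
from the original post or from sasp.c; MACs, addresses, the off-subnet rule
and the Sasp bookkeeping are constructed for this illustration.
"""
import struct
from ipaddress import IPv4Address, IPv4Network

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
ETH_FMT, ARP_FMT = "!6s6sH", "!HHBBH6s4s6s4s"   # Ethernet II header, RFC 826 body
BROADCAST = b"\xff" * 6


def mac(s: str) -> bytes:
    return bytes.fromhex(s.replace(":", ""))


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def build_arp(op: int, sha: bytes, spa: str, tha: bytes, tpa: str, eth_dst: bytes) -> bytes:
    eth = struct.pack(ETH_FMT, eth_dst, sha, ETH_P_ARP)
    body = struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op,
                       sha, IPv4Address(spa).packed, tha, IPv4Address(tpa).packed)
    return eth + body


def parse_arp(frame: bytes):
    """Fields of an Ethernet/IPv4 ARP frame, or None if the frame is something else."""
    if len(frame) < 42:
        return None
    _dst, _src, etype = struct.unpack(ETH_FMT, frame[:14])
    if etype != ETH_P_ARP:
        return None
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(ARP_FMT, frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"op": op, "sha": sha, "spa": str(IPv4Address(spa)),
            "tha": tha, "tpa": str(IPv4Address(tpa))}


class Sasp:
    """User-space responder that stands in for the gateway of any foreign subnet."""

    def __init__(self, my_mac: str, local_nets):
        self.mac = mac(my_mac)
        self.local_nets = [IPv4Network(n) for n in local_nets]  # nets the kernel already serves
        self.aliases = set()     # gateway addresses claimed so far (an interface alias in the tool)
        self.arp_cache = {}      # laptop ip -> mac, the entry the tool injects into its own cache

    def _is_local(self, ip: str) -> bool:
        return any(IPv4Address(ip) in n for n in self.local_nets)

    def handle(self, frame: bytes):
        """Process one captured frame; return the reply frame to send, or None."""
        req = parse_arp(frame)
        if req is None or req["op"] != ARP_REQUEST:
            return None
        if req["spa"] in ("0.0.0.0", req["tpa"]):
            return None                     # ARP probe or gratuitous ARP: leave alone
        # Assumption: claim only addresses nobody on the wire will answer for.
        # Replying for a local address would hijack a real neighbour.
        if self._is_local(req["tpa"]):
            return None
        self.aliases.add(req["tpa"])
        self.arp_cache[req["spa"]] = req["sha"]
        # Unicast "tpa is-at my MAC" back to the asker, as the real gateway would.
        return build_arp(ARP_REPLY, self.mac, req["tpa"], req["sha"], req["spa"], eth_dst=req["sha"])


def demo():
    """Laptop 10.1.1.50 with gateway 10.1.1.1 plugged into a 192.168.1.0/24 LAN (constructed)."""
    box = Sasp("02:00:00:00:00:01", ["192.168.1.0/24"])
    laptop = mac("02:00:00:00:00:aa")
    request = build_arp(ARP_REQUEST, laptop, "10.1.1.50", b"\x00" * 6, "10.1.1.1", eth_dst=BROADCAST)
    reply = box.handle(request)
    local = build_arp(ARP_REQUEST, laptop, "192.168.1.77", b"\x00" * 6, "192.168.1.5", eth_dst=BROADCAST)
    return box, reply, box.handle(local)


if __name__ == "__main__":
    box, reply, ignored = demo()
    r = parse_arp(reply)
    print(f"{r['spa']} is-at {mac_str(r['sha'])} -> {r['tpa']}; local request answered: {ignored is not None}")
```

What the simulation leaves to the real tool is the kernel side: the injected cache entry only helps if there is also a route to the laptop's address out of that interface, and the alias is what lets the box accept packets sent to the "gateway" address. Without the off-subnet rule the responder is plain ARP poisoning for every host on the LAN, which is the point the message itself concedes.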

More information about the freebsd-ports mailing list