Zombie scanning with Nmap
While writing a custom script, as discussed in the previous recipe, is useful to understand the principle behind how zombie scanning works, there is also a highly effective scanning mode in Nmap that can be invoked to perform zombie scanning. This specific recipe demonstrates how we can use Nmap for zombie scanning.
Getting ready
To use Nmap to perform a zombie scan, you will need to have a remote system that is running TCP services and another remote system that has incremental IPID sequencing. In the examples provided, an installation of Metasploitable2 is used as a scan target and an installation of Windows XP is used as an incremental IPID zombie. In the examples provided, a combination of Linux and Windows systems is used. For more information on how to set up systems in a local lab environment, refer to the Installing Metasploitable2 and Installing Windows Server recipes in Chapter 1, Getting Started. Additionally, this section will require a script to be written...
