robertdavidgraham / masscan

TCP port scanner, spews SYN packets asynchronously, scanning entire Internet in under 5 minutes.
GNU Affero General Public License v3.0

masscan is sending out my IP address #231

Open sandman102 opened 8 years ago

sandman102 commented 8 years ago

I am using a VPN tunnel (PIA) while I scan; however, I keep getting abuse complaints from various IT departments that have my actual IP address.

Is it possible that masscan is somehow bypassing the tunnel?

Is there a setting in masscan that will suppress my real IP address or is this the intended design?

Thanks

Update to my original post.

1) I have verified that I do not have any DNS leaks.
2) I have used telnet to connect to the same MySQL servers that masscan is giving my real IP address to. The telnet connections always return a banner from the server with my VPN IP address.
3) My DNS servers for all my IP adapters are set to PIA recommended IPs.
4) My router DNS settings are also set to PIA recommended IPs.

Example: telnet 206.53.177.203 3306 will return a banner with the IP address from the VPN; masscan, on the other hand, will return my real IP address.

Additional example: I wrote a PHP program to finger an IP on port 79, and the header returns my PIA IP; with masscan and the VPN, the finger server returns my real IP address.

Thanks

averagesecurityguy commented 8 years ago

From the README:

NOTE: masscan uses a custom TCP/IP stack. Anything other than simple port scans will cause conflict with the local TCP/IP stack. This means you need to either use the -S option to use a separate IP address, or configure your operating system to firewall the ports that masscan uses.

sandman102 commented 8 years ago

Thanks for the help. What I have done is use the -S option for masscan; I have not firewalled the ports, though. Did you see issue #231 on GitHub? This describes what I have done and the results. Thanks

On Jul 6, 2016 2:48 PM, Stephen Haywood notifications@github.com wrote:

From the README:

NOTE: masscan uses a custom TCP/IP stack. Anything other than simple port scans will cause conflict with the local TCP/IP stack. This means you need to either use the -S option to use a separate IP address, or configure your operating system to firewall the ports that masscan uses.


averagesecurityguy commented 8 years ago

Yes, I saw the issue on GitHub. It didn't mention that you were using the -S option, so I apologize.