Open sandman102 opened 8 years ago
From the README:
NOTE: masscan uses a custom TCP/IP stack. Anything other than simple port scans will cause conflict with the local TCP/IP stack. This means you need to either use the -S option to use a separate IP address, or configure your operating system to firewall the ports that masscan uses.
Thanks for the help, what I have done is use the -S option for masscan, not firewalled the ports though. Did you see issue #231 on github? This describes what I have done and the results. Thanks
On Jul 6, 2016 2:48 PM, Stephen Haywood notifications@github.com wrote:
From the README:
NOTE: masscan uses a custom TCP/IP stack. Anything other than simple port scans will cause conflict with the local TCP/IP stack. This means you need to either use the -S option to use a separate IP address, or configure your operating system to firewall the ports that masscan uses.
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHubhttps://github.com/robertdavidgraham/masscan/issues/231#issuecomment-230867816, or mute the threadhttps://github.com/notifications/unsubscribe/AJm4uVOgBPZybNCsywMwpjCNZ0u8JpRvks5qS_hwgaJpZM4IwgDp.
Yes, I saw the issue on Github. It didn't mention that you were using the -S option so I apologize.
I am using a VPN tunnel (PIA) while I scan, however I keep getting abuse complaints from various IT departments that have my actual IP address.
Is it possible that masscan is somehow bypassing the tunnel?
Is there a setting in masscan that will suppress my real IP address or is this the intended design?
Thanks Update to my original post.
1) - I have verified that I do not have any DNS leaks. 2) - I have used telnet to connect to the same mysql servers that masscan is giving my real IP address to. The telnet connections always return a banner from the server with my VPN IP address. 3) - My DNS servers for all my IP adapters are set PIA recomended IP's 4) - My router DNS settings are also set to PIA recomended IP's
Example telnet 206.53.177.203 3306, will return a banner with the IP address from the VPN however masscan on the other hand will return my real IP address.
Additional example: I wrote a php program to finger an IP on port 79, the header returns my PIA IP, with masscan and VPN, the finger server returns my real IP address.
Thanks