IP Address Hopping

New in version 1.4.

Warning

This feature assumes the Red/Green network is serving DHCP on one or more /16 ranges that are accessible on the eth3 interface. See iscore/servicecheck/hop_ip_addr.bash for more information and configuration. Note that since IScorE will request a new address for each scan, the DHCP server must be configured correctly to avoid DHCP starvation.

Note

In IScorE 2.1 hopping will resume. However, due to the changes in the server scanner in version 2.0 the service scanner will not respect the settings HOP_IP_ADDRESSES set to True.

This feature is disabled by default. To enable this feature set HOP_IP_ADDRESSES to True in your iscore/settingslocal.py.

To prevent Blue Teams from whitelisting IScorE’s service scanner while blocking the Red/Green ranges, IScorE can be attached to the Red/Green range (with a new network interface) and be configured to randomly change IP addresses throughout the Red/Green range, as to not differentiate it from the rest of the Red/Green traffic as well has keeping it from being predictable.

The iscore/servicecheck/hop_ip_addr.bash script is called by the iscore/servicecheck/run_servicescan.bash before running the scan, resulting in new MAC and IP addresses for each scan.