IP Address Hopping

New in version 1.4.

Warning

This feature assumes the Red/Green network is serving DHCP on one or more /16 ranges that are accessible on the eth3 interface. See iscore/servicecheck/hop_ip_addr.bash for more information and configuration. Note that since IScorE will request a new address for each scan, the DHCP server must be configured correctly to avoid DHCP starvation.

This feature is disabled by default. To enable this feature set HOP_IP_ADDRESSES to True in your iscore/settingslocal.py.

To prevent Blue Teams from whitelisting IScorE’s service scanner while blocking the Red/Green ranges, IScorE can be attached to the Red/Green range (with a new network interface) and be configured to randomly change IP addresses throughout the Red/Green range, as to not differentiate it from the rest of the Red/Green traffic as well has keeping it from being predictable.

The iscore/servicecheck/hop_ip_addr.bash script is called by the iscore/servicecheck/run_servicescan.bash before running the scan, resulting in new MAC and IP addresses for each scan.