
Thread: nmap is god... or is it? read on

  1. #21
    Antionline Herpetologist
    Join Date
    Aug 2001
    Posts
    1,165
    A great tool to use to build your own packets is nemesis. It's originally intended for use on *NIX, but a Windows port is also available. The *NIX version can be found at http://nemesis.sourceforge.net/ and the Windows version at http://www.engagesecurity.com/dev/#nemesiswin32. I've used both versions and found them to be extremely flexible. Unlike the engage packet builder that someone mentioned, which only allows you to craft TCP, UDP and ICMP packets, nemesis allows you to craft ARP, DNS, ICMP, IGMP, OSPF, RIP, TCP and UDP packets.

    Cheers,
    cgkanchi
    Buy the Snakes of India book, support research and education (sorry the website has been discontinued)
    My blog: http://biology000.blogspot.com

  2. #22
    Junior Member
    Join Date
    Feb 2004
    Posts
    12
    You could also try scapy, a nice little tool for Python which allows you to craft your own packets.

    http://www.cartel-securite.fr/pbiond...cts/scapy.html


    Scapy is a powerful interactive packet manipulation tool, packet generator, network scanner, network discovery, packet sniffer, etc. It can for the moment replace hping, 85% of nmap, arpspoof, arp-sk, arping, tcpdump, tethereal, p0f, ....

    Scapy uses the Python interpreter as a command board. That means that you can use the Python language directly (assign variables, use loops, define functions, etc.). If you give a file as a parameter when you run scapy, your session (variables, functions, instances, ...) will be saved when you leave the interpreter, and restored the next time you launch scapy.
    --From the above url

  3. #23
    Now, RFC Compliant! Noia
    Join Date
    Jan 2002
    Posts
    1,210
    I don't think slave scanning was covered; if you had a few slaves you could "DoS" the target with SYN connections, a weak DoS which will be written off as a bunch of kiddies messing around while in actuality it's been one person scanning through several zombies.

    I don't know much about zombie scanning, but in theory that should confuse the hell outta the IDS. It may well pick up on it, but it wouldn't trace back to you, so it doesn't matter if the IDS goes nuts; it "looks" like a DoS attack, not someone scanning their ports.
    With all the subtlety of an artillery barrage / Follow blindly, for the true path is sketchy at best. .:Bring OS X to x86!:.
    And no one can recall the gentle features in the queen's face that fair day, when this land rested in holy peace and everyone had love to love with.
