IDLE SCAN

Idle Scan

Hping3

Use a zombie host so that the target only ever sees the zombie's address and never our real IP. This is used to evade firewalls and source-based filtering.

hping3 -S -r ZOMBIE_IP -p 135

If every reply shows id=+1 (the IP ID increments by exactly one per packet), the host is a good zombie candidate. Leave this running so you can watch the counter, and run the command below to execute the idle scan:

hping3 -a ZOMBIE_IP -S TARGET_IP -p 23

NMAP Idle

nmap --script ipidseq ZOMBIE_IP -p 135                               Find zombie (first way: IP ID sequence check)
nmap -O -v ZOMBIE_IP -p 135                                          Find zombie (second way: OS detection reports the IP ID class)
nmap -sI ZOMBIE_IP:135 TARGET_IP -p 23 -Pn --packet-trace            Execute idle scan

Idle Scan (hping + nmap)

hping3 -S -r ZOMBIE_IP -p 135                                                   Find zombie and check that the id is incremental
nmap -S ZOMBIE_IP TARGET_IP -p 23 -Pn -n -e tap0 --disable-arp-ping            Run idle scan with nmap (probes spoofed from the zombie's address while hping3 watches its id counter)
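The commands above work only because the zombie's IP stack hands out IP ID values from one global, incrementing counter. The following Python model is an added example, not part of these notes and not code from hping3 or nmap: it reimplements the sequence classification that the ipidseq check performs (useful for auditing whether one of your own hosts exposes a predictable counter and could be abused as a zombie), and simulates the three-step inference against a modelled zombie to show why it fails against a host with randomised IP IDs, which is the mitigation. Zombie, target and all ID values are constructed objects; nothing is sent on the network.

```python
"""Model of the IP ID behaviour behind idle scanning (added example).

Assumptions: a single global IP ID counter on the zombie (the precondition
the hping3/nmap checks test for); labels modelled on the ones nmap's
ipidseq script prints; no real packets are sent.
"""
import random
from dataclasses import dataclass, field


def classify_ipid_sequence(ids):
    """Classify IP ID values sampled from successive replies of one host.

    Only 'Incremental!' (or its byte-swapped variant) makes a host usable as
    a zombie; a hardened stack should come back 'Randomized' or 'All zeros'.
    """
    if len(ids) < 2:
        raise ValueError("need at least two samples")
    if all(i == 0 for i in ids):
        return "All zeros"
    diffs = [(b - a) % 65536 for a, b in zip(ids, ids[1:])]
    if all(d == 0 for d in diffs):
        return "Constant"
    # small positive steps: the counter advanced by our probes plus little else
    if all(0 < d <= 5 for d in diffs):
        return "Incremental!"
    # some stacks increment the byte-swapped (little-endian) value instead
    swapped = [((i & 0xFF) << 8) | (i >> 8) for i in ids]
    sdiffs = [(b - a) % 65536 for a, b in zip(swapped, swapped[1:])]
    if all(0 < d <= 5 for d in sdiffs):
        return "Broken little-endian incremental!"
    return "Randomized"


@dataclass
class Zombie:
    """Constructed zombie: every packet it emits consumes one IP ID."""
    incremental: bool = True
    counter: int = 1000
    rng: random.Random = field(default_factory=lambda: random.Random(7))

    def next_id(self):
        if self.incremental:
            self.counter = (self.counter + 1) % 65536
            return self.counter
        return self.rng.randrange(1, 65536)  # randomised IDs: the mitigation

    def probe(self):
        """Scanner sends SYN/ACK to the zombie; it answers RST carrying an ID."""
        return self.next_id()

    def receive_unsolicited_synack(self):
        """A SYN/ACK from the target (its port was open) makes the zombie
        send a RST, burning one more ID. A RST from a closed port is dropped
        silently and burns nothing."""
        self.next_id()


def idle_scan_port(zombie, target_open_ports, port):
    """One idle-scan step: probe zombie, spoofed SYN to target, probe again.

    Returns 'open' (gap of 2), 'closed|filtered' (gap of 1) or 'inconclusive'.
    """
    before = zombie.probe()
    # modelled spoofed SYN (src=zombie) to target:port; only an open port
    # produces a SYN/ACK that reaches the zombie and costs it an ID
    if port in target_open_ports:
        zombie.receive_unsolicited_synack()
    after = zombie.probe()
    gap = (after - before) % 65536
    if gap == 2:
        return "open"
    if gap == 1:
        return "closed|filtered"
    return "inconclusive"


def scan(zombie, target_open_ports, ports):
    """Run the inference for each port and return {port: verdict}."""
    return {p: idle_scan_port(zombie, target_open_ports, p) for p in ports}


if __name__ == "__main__":
    good = Zombie(incremental=True)
    print(classify_ipid_sequence([good.probe() for _ in range(6)]))
    print(scan(Zombie(incremental=True), {23, 80}, [22, 23, 80, 443]))
    # against a randomised counter the gap carries no information
    print(scan(Zombie(incremental=False), {23, 80}, [22, 23, 80, 443]))
```

Running the module prints "Incremental!" for the modelled zombie, the correct open/closed verdicts for ports 23 and 80 against it, and almost entirely "inconclusive" verdicts once the zombie's IDs are randomised, which is exactly the signal that `--script ipidseq` or `-O` should give for a host you have hardened.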
