ISS products are meant to be used in a defensive role. Here we will look at using them in an offensive role. ===Please note that the writer has NO responsibility for YOUR actions with this === ===information! I did not make you do it. I just made you aware it COULD be done.=== Internet Scanner and the Real Secure products can both be used to create a DoS type attack on unsuspecting networks. Here is what a would-be attacker would need to conduct such an attack: ISS product. Visit http://crack.21m.net/ and obtain the key generator for ISS products. Cut your key to include the range of IP addresses, which you wish to use the products against. (Or just make one "God" key by making the range 0.0.0.0-255.255.255.255) Install the product and drop the newly created key in the directory. Now your ready to go to work. Note: You may want to install the latest Xpress updates before you begin. Having the latest and greatest exploits and vulnerabilities in the product increases your chances of finding one that your target is vulnerable to. Scenarios: Having ISS Internet Scanner on a laptop could work wonders. For instance, have physical access to a network. Plug yourself in. Now let Internet Scanner run DoS attacks against the entire network. Or set up policies in Real Secure that restrict net bios traffic if it is a Windows network environment. Or maybe stop all traffic to website you hate by blocking HTTP traffic from any host to your target (website). Remotely a person could look up a domain on the Internet, grab its IP address, remotely check for its Operating System, and Web server application and let Internet Scanner run against it. Keep in mind that these products will not spoof the source IP address that the attacks are coming from. There are only a couple of "checks"(attacks) that spoof the source address of the attack. Although in Real Secure killing TCP connections are a bit harder to trace than a teardrop attack from Internet Scanner. There are a number of ways that these products could be used in an offensive manner. This is in no way an all-inclusive listing.