Colin,
WinPcap can't transmit over a VPN. See:
http://seclists.org/nmap-dev/2006/q3/0438.html
You might try --unprivileged which should allow things like Connect
scans to work.
Cheers,
kx
On 2/9/07, Hines,Colin Mack <cmhines_at_ufl.edu> wrote:
>
> Running XP sp2 / all latest patches and IE7.
>
> Cisco VPN Client 4.6.02.0011 using ipsec/tcp
> Nmap for windows v4.20 downloaded today from insecure.org
>
> It seems that nmap is not correctly enumerating all the local routes
> provided by the cisco vpn client. Here is my current route print
> output...
>
> C:\Program Files\Nmap>route print
> ===========================================================================
> Interface List
> 0x1 ........................... MS TCP Loopback interface
> 0x2 ...00 13 72 c6 f2 2b ...... Broadcom NetXtreme 57xx Gigabit Controller - Packet Scheduler Miniport
> 0x10004 ...00 05 9a 3c 78 00 ...... Cisco Systems VPN Adapter - Packet Scheduler Miniport
> ===========================================================================
> ===========================================================================
> Active Routes:
> Network Destination  Netmask          Gateway         Interface       Metric
> 0.0.0.0              0.0.0.0          10.241.22.1     10.241.23.222   20
> 10.5.135.0           255.255.255.0    10.228.255.129  10.228.255.129  1
> 10.5.176.0           255.255.240.0    10.228.255.129  10.228.255.129  1
> 10.5.192.0           255.255.240.0    10.228.255.129  10.228.255.129  1
> 10.227.208.0         255.255.255.0    10.228.255.129  10.228.255.129  1
> 10.228.255.0         255.255.255.0    10.228.255.129  10.228.255.129  1
> 10.228.255.128       255.255.255.128  10.228.255.129  10.228.255.129  10
> 10.228.255.129       255.255.255.255  127.0.0.1       127.0.0.1       10
> 10.241.22.0          255.255.254.0    10.241.23.222   10.241.23.222   20
> 10.241.22.0          255.255.254.0    10.228.255.129  10.228.255.129  1
> 10.241.23.7          255.255.255.255  10.241.23.222   10.241.23.222   1
> 10.241.23.222        255.255.255.255  127.0.0.1       127.0.0.1       20
> 10.255.255.255       255.255.255.255  10.228.255.129  10.228.255.129  10
> 10.255.255.255       255.255.255.255  10.241.23.222   10.241.23.222   20
> 127.0.0.0            255.0.0.0        127.0.0.1       127.0.0.1       1
> 128.227.0.144        255.255.255.240  10.228.255.129  10.228.255.129  1
> 128.227.21.0         255.255.255.192  10.228.255.129  10.228.255.129  1
> 128.227.75.224       255.255.255.240  10.228.255.129  10.228.255.129  1
> 128.227.128.0        255.255.255.0    10.228.255.129  10.228.255.129  1
> 128.227.138.0        255.255.255.0    10.228.255.129  10.228.255.129  1
> 128.227.156.0        255.255.255.0    10.228.255.129  10.228.255.129  1
> 128.227.166.117      255.255.255.255  10.241.22.1     10.241.23.222   1
> 128.227.187.192      255.255.255.192  10.228.255.129  10.228.255.129  1
> 128.227.208.0        255.255.255.0    10.228.255.129  10.228.255.129  1
> 224.0.0.0            240.0.0.0        10.228.255.129  10.228.255.129  10
> 224.0.0.0            240.0.0.0        10.241.23.222   10.241.23.222   20
> 255.255.255.255      255.255.255.255  10.228.255.129  10.228.255.129  1
> 255.255.255.255      255.255.255.255  10.241.23.222   10.241.23.222   1
> Default Gateway: 10.241.22.1
> ===========================================================================
> Persistent Routes:
> None
>
> Now, here is my nmap --iflist output...
>
> C:\Program Files\Nmap>nmap --iflist
>
> Starting Nmap 4.20 ( http://insecure.org ) at 2007-02-09 11:12 Eastern Standard Time
> ************************INTERFACES************************
> DEV (SHORT) IP/MASK TYPE UP MAC
> eth0 (eth0) 10.241.23.222/23 ethernet up 00:13:72:C6:F2:2B
> eth1 (eth1) 10.228.255.129/25 ethernet up 00:05:9A:3C:78:00
> lo0 (lo0) 127.0.0.1/8 loopback up
>
> **************************ROUTES**************************
> DST/MASK DEV GATEWAY
> 255.255.255.255/32 eth1 10.228.255.129
> 128.227.166.117/32 eth0 10.241.22.1
> 10.255.255.255/32 eth0 10.241.23.222
> 10.255.255.255/32 eth1 10.228.255.129
> 10.241.23.222/32 lo0 127.0.0.1
> 10.241.23.7/32 eth0 10.241.23.222
> 10.228.255.129/32 lo0 127.0.0.1
> 255.255.255.255/32 eth0 10.241.23.222
> 128.227.75.224/4 eth1 10.228.255.129
> 128.227.0.144/4 eth1 10.228.255.129
> 128.227.21.0/2 eth1 10.228.255.129
> 128.227.187.192/2 eth1 10.228.255.129
> 10.228.255.128/1 eth1 10.228.255.129
> 128.227.208.0/0 eth1 10.228.255.129
> 10.5.135.0/0 eth1 10.228.255.129
> 10.227.208.0/0 eth1 10.228.255.129
> 10.228.255.0/0 eth1 10.228.255.129
> 128.227.156.0/0 eth1 10.228.255.129
> 128.227.128.0/0 eth1 10.228.255.129
> 128.227.138.0/0 eth1 10.228.255.129
> 10.241.22.0/0 eth1 10.228.255.129
> 10.241.22.0/0 eth0 10.241.23.222
> 10.5.176.0/0 eth1 10.228.255.129
> 10.5.192.0/0 eth1 10.228.255.129
> 127.0.0.0/0 lo0 127.0.0.1
> 224.0.0.0/0 eth1 10.228.255.129
> 224.0.0.0/0 eth0 10.241.23.222
> 0.0.0.0/0 eth0 10.241.22.1
>
>
> As far as I can tell, it seems to be doing some wacky stuff with the
> network masks. We noticed this issue when trying to nmap 10.5.177.x
> boxes and it was not sending it over the vpn, but sending it over the
> local network, eth0.
>
> Thanks!
>
> Colin M. Hines
> Infrastructure Team -=- UF Bridges
> cmhines_at_ufl.edu -=- 352.871.7000
>
> _______________________________________________
> Sent through the nmap-dev mailing list
> http://cgi.insecure.org/mailman/listinfo/nmap-dev
> Archived at http://SecLists.Org
>
Received on Feb 09 2007
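
Added example (not part of the original thread, and not Nmap's code): a Python check that converts the dotted netmasks from the quoted `route print` output to prefix lengths, does a longest-prefix match to find which device the OS table selects for a host in 10.5.177.x, and lists the rows where the prefix shown by `nmap --iflist` disagrees. The rows are a subset copied from the post; the host 10.5.177.10 and all function names are assumptions made for illustration.

```python
import ipaddress

# Constructed from the post: some "route print" rows as
# (destination, netmask, interface IP, metric).
ROUTE_PRINT = [
    ("0.0.0.0", "0.0.0.0", "10.241.23.222", 20),
    ("10.5.135.0", "255.255.255.0", "10.228.255.129", 1),
    ("10.5.176.0", "255.255.240.0", "10.228.255.129", 1),
    ("10.5.192.0", "255.255.240.0", "10.228.255.129", 1),
    ("128.227.0.144", "255.255.255.240", "10.228.255.129", 1),
    ("128.227.166.117", "255.255.255.255", "10.241.23.222", 1),
]

# Interface IP -> device, per the INTERFACES table of "nmap --iflist".
DEVICES = {"10.241.23.222": "eth0", "10.228.255.129": "eth1"}

# Prefix lengths shown for the same rows in the ROUTES table of "nmap --iflist".
NMAP_SHOWN_PREFIX = {
    "0.0.0.0": 0, "10.5.135.0": 0, "10.5.176.0": 0,
    "10.5.192.0": 0, "128.227.0.144": 4, "128.227.166.117": 32,
}

def prefix_len(netmask):
    """Count the one bits of a dotted-quad netmask (255.255.240.0 -> 20)."""
    return bin(int(ipaddress.IPv4Address(netmask))).count("1")

def expected_route(target):
    """Longest-prefix match over ROUTE_PRINT; the lowest metric breaks ties."""
    addr = ipaddress.IPv4Address(target)
    best = None
    for dst, mask, iface, metric in ROUTE_PRINT:
        net = ipaddress.ip_network(f"{dst}/{prefix_len(mask)}")
        if addr in net:
            key = (net.prefixlen, -metric)
            if best is None or key > best[0]:
                best = (key, str(net), DEVICES[iface])
    return best[1:] if best else None

def mask_mismatches():
    """Rows whose prefix in nmap's output differs from the OS netmask."""
    return [(dst, prefix_len(mask), NMAP_SHOWN_PREFIX[dst])
            for dst, mask, _, _ in ROUTE_PRINT
            if prefix_len(mask) != NMAP_SHOWN_PREFIX[dst]]

if __name__ == "__main__":
    print("10.5.177.10 ->", expected_route("10.5.177.10"))
    for dst, real, shown in mask_mismatches():
        print(f"{dst}: OS netmask is /{real}, nmap shows /{shown}")
```
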