mailing list archives
[NSE] firewalk-path script
From: Henri Doreau <henri.doreau () gmail com>
Date: Mon, 10 Jan 2011 10:23:31 +0100
Please find attached a new firewalking script. It will basically try
to guess at which point of the path to a given target a port is
blocked. To achieve this, it sends probes to filtered ports with low
IP TTLs and waits for ICMP TIME_EXCEEDED messages that would prove
that a probe has reached the emitter.
Starting with a TTL equal to the distance to the target and decreasing
after each timeout, we can stop probing a given port as soon as we get
the first ICMP reply for this port.
As with my previous firewalk script, the --traceroute flag is
mandatory, and the script has to be run with root privileges. Some
options are available but optional.
You can test it quickly using the following command line:
nmap --datadir . --script firewalk-path --traceroute --top-ports 10
I don't know whether it should replace the existing firewalk.nse
script or not. Maybe by adding some option to select a given gateway
on the path?
I hope that you'll find it interesting, feedback welcome!
henri.doreau () gmail com
Sent through the nmap-dev mailing list
Archived at http://seclists.org/nmap-dev/
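
Added example, not part of the original post and not the attached NSE script: a Python simulation of the TTL-decreasing loop the message describes, useful for reasoning about which device on a path you administer is doing the filtering. The path, addresses, port sets and function names are constructed for illustration, and the model assumes a router checks TTL expiry before it applies its forwarding filter.

```python
from typing import Optional, Tuple

# Constructed sample path (documentation addresses). "drops" lists the TCP
# ports a device silently discards; the last entry is the target itself.
PATH = [
    {"addr": "192.0.2.1", "drops": set()},
    {"addr": "198.51.100.1", "drops": {23}},
    {"addr": "198.51.100.9", "drops": {445}},
    {"addr": "203.0.113.10", "drops": {23, 445, 3389}},  # target host firewall
]

def send_probe(path, port: int, ttl: int) -> Optional[str]:
    """Simulate one probe; return the address that answers with ICMP
    TIME_EXCEEDED, or None when the probe times out."""
    for hop_no, hop in enumerate(path, start=1):
        if hop_no == len(path):
            return None  # reached the target: a filtered port stays silent
        if hop_no == ttl:
            return hop["addr"]  # TTL expired here (assumed checked before filtering)
        if port in hop["drops"]:
            return None  # dropped while being forwarded, no ICMP comes back
    return None

def firewalk_port(path, port: int) -> Optional[Tuple[int, str]]:
    """Start at TTL = distance to target, decrease after each timeout, and
    stop at the first ICMP reply. Returns (ttl, replying hop) or None."""
    for ttl in range(len(path), 0, -1):
        reply = send_probe(path, port, ttl)
        if reply is not None:
            return ttl, reply
    return None

def firewalk(path, ports):
    """Run the per-port search for every filtered port of interest."""
    return {port: firewalk_port(path, port) for port in ports}

if __name__ == "__main__":
    for port, result in firewalk(PATH, [23, 445, 3389]).items():
        print(port, result)
```

The first reply only identifies the last hop a probe is known to have reached: ports 445 (dropped by the last router) and 3389 (dropped by the target's own firewall) both resolve to hop 3, so the filter sits at that hop or on the device directly behind it.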