Penetration Testing
mailing list archives
RE: Loose source routing for remote host discovery
From: "Dario Ciccarone" <dciccaro () cisco com>
Date: Thu, 8 May 2003 14:51:18 -0300
http://www.monkey.org/~dugsong/fragroute/
Didn't work for me - it doesn't really work as LSRR and SSRR should
work. It just sets the option and copies the list of IP addresses you
supply to the end of the packet - but doesn't do the actual
source-routing pointer-juggling and such. Good Luck. Let us all know if
it worked for you :D
Dario
-----Original Message-----
From: Oliver Enzmann [mailto:oliver () cosec org]
Sent: Thursday, May 08, 2003 11:02 AM
To: pen-test () securityfocus com
Subject: Loose source routing for remote host discovery
Hello,
I need to discover hosts and services on remote subnets using nmap or similar.
However, routes to/from some of these subnets have local significance only and are therefore not redistributed into the global routing tables. The lack of complete routing tables obviously causes end-to-end layer 3 connectivity and scanning of these subnets to fail.
What I need is a way to use loose source routing in combination with nmap - a way to mangle packets and add loose source routing information to the IP options before nmap's packets are sent out to the wire.
I've looked at netcat (-g option to add source routing information) but I would prefer to use nmap for the actual scanning. Also, hping2-rc2 seems to support source routing but I haven't tried it yet mainly because nmap is the tool of choice.
This is on Linux with kernel 2.4. Netfilter or iproute2 tricks would be definite possibilities.
TIA, Oliver
--
Unix is sexy: "unzip", "strip", "touch", "mount", "sleep".
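
The pointer handling mentioned in the reply is defined in RFC 791: the third byte of an LSRR (type 131) or SSRR (type 137) option is a 1-based pointer to the next address to process, and each listed hop advances it by 4. The Python parser below is an added example, not part of the thread or of any tool named in it; it decodes that option from a captured IPv4 header so a sensor can flag source-routed packets, and the addresses and the `sample_header` helper are constructed test data.

```python
import ipaddress
import struct

SOURCE_ROUTE_TYPES = {131: "LSRR", 137: "SSRR"}  # option types from RFC 791

def find_source_route(ip_header: bytes):
    """Return details of the first LSRR/SSRR option in an IPv4 header, else None."""
    if len(ip_header) < 20:
        raise ValueError("truncated IPv4 header")
    ihl = (ip_header[0] & 0x0F) * 4
    if ihl < 20 or len(ip_header) < ihl:
        raise ValueError("truncated or invalid IPv4 header")
    opts, i = ip_header[20:ihl], 0
    while i < len(opts):
        otype = opts[i]
        if otype == 0:                      # End of Option List
            break
        if otype == 1:                      # No-Operation is a single byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("malformed option length")
        olen = opts[i + 1]
        if otype in SOURCE_ROUTE_TYPES:
            if olen < 3:
                raise ValueError("source route option too short")
            ptr, data = opts[i + 2], opts[i + 3:i + olen]
            # Pointer is 1-based from the option's first byte; smallest legal value is 4.
            if ptr < 4 or ptr % 4 or len(data) % 4:
                raise ValueError("malformed source route option")
            hops = [str(ipaddress.IPv4Address(data[j:j + 4])) for j in range(0, len(data), 4)]
            done = min((ptr - 4) // 4, len(hops))   # hops already consumed by routers
            return {"kind": SOURCE_ROUTE_TYPES[otype], "pointer": ptr,
                    "visited": hops[:done], "remaining": hops[done:],
                    "exhausted": ptr > olen}        # pointer past length: route is used up
        i += olen
    return None

def sample_header(pointer: int) -> bytes:
    """Constructed 32-byte IPv4 header carrying a two-hop LSRR option (test data)."""
    hops = b"".join(ipaddress.IPv4Address(a).packed for a in ("198.51.100.1", "203.0.113.1"))
    option = bytes([131, 3 + len(hops), pointer]) + hops + b"\x00"  # EOL pads to 12 bytes
    fixed = struct.pack("!BBHHHBBH4s4s", 0x48, 0, 32, 0, 0, 64, 6, 0,
                        ipaddress.IPv4Address("192.0.2.10").packed,
                        ipaddress.IPv4Address("192.0.2.20").packed)
    return fixed + option
```

A packet whose pointer never changes between capture points along the path matches the behaviour described in the reply, where the option is set but not processed.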