Penetration Testing mailing list archives

Packet modifying proxy tool
From: Michael Cain <by_argos () hotmail com>
Date: Tue, 4 Mar 2008 09:16:24 +0000


Hi all,

I am currently doing an internal security assessment and have discovered that I can "jump" to different network 
segments and bypass router restrictions by utilizing Loose Source Routing. When it comes to port-scanning, nmap 
performs this task quite well; however, I need a proxy tool that can handle source routing in order to allow other tools 
to reach the destination hosts.
I tried netcat (on Windows, source routing is not supported), but it looks like it constructs the IP options in a 
different way than nmap and hence the destination host does not respond. I have also tried EchoMirage, but packet 
interception and modification begins after a connection has been established, which is not what I need.

Could you please suggest any other proxy tools that can handle source routing?

I also include part of the nmap and netcat packets (Wireshark extract) and command parameters in case I did something 
wrong.



*The IPs are not the original ones*


nmap -vv -n -sS -P0 -p 445 --ip-options "L 10.4.2.1" 10.5.2.1
-------------------------------------------------------------
Source: 10.3.2.1 (10.3.2.1)
Destination: 10.4.2.1 (10.4.2.1)
Options: (12 bytes)
        NOP
        Loose source route (11 bytes)
                Pointer: 4
                10.4.2.1 <- (current)
                10.5.2.1


nc -vv -n -g 10.4.2.1 10.5.2.1 445
----------------------------------
Source: 10.3.2.1 (10.3.2.1)
Destination: 10.4.2.1 (10.4.2.1)
Options: (12 bytes)
        Loose source route (11 bytes)
                Pointer: 4
                10.5.2.1 <- (current)
                10.5.2.1
        NOP


nc -vv -n -g 10.4.2.1 -g 10.4.2.1 10.5.2.1 445
----------------------------------------------
Source: 10.3.2.1 (10.3.2.1)
Destination: 10.4.2.1 (10.4.2.1)
Options: (16 bytes)
        Loose source route (15 bytes)
                Pointer: 4
                10.4.2.1 <- (current)
                10.5.2.1
                10.5.2.1
        NOP


Thank you,

Demetris
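
To compare the option layouts in the dissections above byte by byte, or to flag source-routed packets in a capture, a small IPv4 options parser is enough. The following is an added example, not part of the original post: the option bytes are constructed from the Wireshark extracts shown (placeholder IPs), and all function names are hypothetical.

```python
import ipaddress

EOL, NOP, LSRR, SSRR = 0x00, 0x01, 0x83, 0x89  # IPv4 option types (RFC 791)

def parse_ip_options(opts: bytes) -> list:
    """Decode an IPv4 options field into a list of dicts, in wire order."""
    out, i = [], 0
    while i < len(opts):
        t = opts[i]
        if t == EOL:                      # end of option list: stop parsing
            out.append({"type": "EOL"})
            break
        if t == NOP:                      # single-octet padding
            out.append({"type": "NOP"})
            i += 1
            continue
        if i + 1 >= len(opts):
            raise ValueError("truncated option header")
        length = opts[i + 1]              # covers type, length and data octets
        if length < 2 or i + length > len(opts):
            raise ValueError("bad option length")
        if t in (LSRR, SSRR):
            if length < 3 or (length - 3) % 4:
                raise ValueError("malformed source route option")
            ptr = opts[i + 2]             # 1-based offset from the type octet
            hops = [str(ipaddress.IPv4Address(opts[j:j + 4]))
                    for j in range(i + 3, i + length, 4)]
            slot, rem = divmod(ptr - 4, 4)
            current = hops[slot] if rem == 0 and 0 <= slot < len(hops) else None
            out.append({"type": "LSRR" if t == LSRR else "SSRR",
                        "pointer": ptr, "hops": hops, "current": current})
        else:
            out.append({"type": f"0x{t:02x}", "length": length})
        i += length
    return out

def has_source_route(opts: bytes) -> bool:
    """True if the options carry a loose or strict source route."""
    return any(o["type"] in ("LSRR", "SSRR") for o in parse_ip_options(opts))

def build_lsrr(hops, ptr=4):
    """Build an LSRR option (used only for the constructed samples below)."""
    data = b"".join(ipaddress.IPv4Address(h).packed for h in hops)
    return bytes([LSRR, 3 + len(data), ptr]) + data

# Constructed from the dissections in the post (placeholder IPs)
NMAP_OPTS = bytes([NOP]) + build_lsrr(["10.4.2.1", "10.5.2.1"])  # nmap --ip-options
NC_OPTS = build_lsrr(["10.5.2.1", "10.5.2.1"]) + bytes([NOP])    # nc -g, one hop
```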

