Hosting Provided By

Re: Loose source routing for remote host discovery

From: R. DuFresne <dufresne(at)sysinfo.com>
Date: Thu May 08 2003 - 15:46:59 EDT

The main trouble you face is that while the tools and toys you are using might allow such 'loose source routing' the question and sticker might well be, "do the devices your specially crafted packets need to traverse also play the same game?" If those maintaining them have any salt to their meat, I'm betting they do not, and so your packets will only make it so far and then return information about route/host/service not found, etc. You can toss packets at a device, buut, if the device is not configed to play nicely with those packets, all the mangling in the world will not get that device to pass em. Of course, the devices ment to be traversed could have OS flaws or HW issues that fail them 'open' if they are hit hard enough or with truely mangeled enough packets, but, not the thing one might wish to place bets upon

Thanks,

Ron DuFresne

On Thu, 8 May 2003, Oliver Enzmann wrote:

> Hello,
>
> I need to discover hosts and services on remote subnets using nmap or similar.
> However, routes to/from some of these subnets have local significance only
> and are therefore not redistributed into the global routing tables. The lack
> of complete routing tables obviously causes end-to-end layer 3 connectivity
> and scanning of these subnets to fail.
>
> What I need is a way to use loose source routing in combination with nmap -
> a way to mangle packets and add loose source routing information to the IP
> options before nmap's packets are sent out to the wire.
>
> I've looked at netcat (-g option to add source routing information ) but I
> would prefer to use nmap for the actual scanning. Also, hping2-rc2 seems to
> support source routing but I haven't tried it yet mainly because nmap is the
> tool of choice.
>
> This is on Linux with kernel 2.4. Netfilter or iproute2 tricks would be
> definite possibilities.
>
> TIA, Oliver
>

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        
http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!


---------------------------------------------------------------------------
Did you know that you have VNC running on your network?
Your hacker does.
Plug your security holes.
Download a free 15-day trial of VAM:
http://www.securityfocus.com/StillSecure-pen-test
----------------------------------------------------------------------------

Received on Thu May 8 16:40:01 2003

This message: [ Message body ]
Next message: Bill Burge: "Re: HW/SW Rogue AP Wireless Detection"
Previous message: dave(at)immunitysec.com: "Re: HTTP NTLM password cracker"
In reply to: Oliver Enzmann: "Loose source routing for remote host discovery"
Next in thread: Dario Ciccarone: "RE: Loose source routing for remote host discovery"
Reply: Dario Ciccarone: "RE: Loose source routing for remote host discovery"
Reply: Oliver Enzmann: "Re: Loose source routing for remote host discovery"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:02:35 EDT