RE: Loose source routing for remote host discovery

From: Dario Ciccarone (dciccaro@cisco.com)
Date: Thu May 08 2003 - 13:51:18 EDT


http://www.monkey.org/~dugsong/fragroute/

Didn't work for me - it doesn't really work as LSRR and SSRR should
work. It just sets the option and copies the list of IP addresses you
supply to the end of the packet - but doesn't do the actual
source-routing pointer-juggling and such. Good Luck. Let us all know if
it worked for you :D

Dario

> -----Original Message-----
> From: Oliver Enzmann [mailto:oliver@cosec.org]
> Sent: Thursday, May 08, 2003 11:02 AM
> To: pen-test@securityfocus.com
> Subject: Loose source routing for remote host discovery
>
>
> Hello,
>
> I need to discover hosts and services on remote subnets using nmap or
> similar. However, routes to/from some of these subnets have local
> significance only and are therefore not redistributed into the global
> routing tables. The lack of complete routing tables obviously causes
> end-to-end layer 3 connectivity and scanning of these subnets to fail.
>
> What I need is a way to use loose source routing in combination with
> nmap - a way to mangle packets and add loose source routing information
> to the IP options before nmap's packets are sent out to the wire.
>
> I've looked at netcat (-g option to add source routing information) but
> I would prefer to use nmap for the actual scanning. Also, hping2-rc2
> seems to support source routing but I haven't tried it yet mainly
> because nmap is the tool of choice.
>
> This is on Linux with kernel 2.4. Netfilter or iproute2 tricks would be
> definite possibilities.
>
> TIA, Oliver
> --
> Unix is sexy: "unzip", "strip", "touch", "mount", "sleep".
>
>
> ---------------------------------------------------------------------------
> Did you know that you have VNC running on your network?
> Your hacker does.
> Plug your security holes.
> Download a free 15-day trial of VAM:
> http://www.securityfocus.com/StillSecure-pen-test
> ----------------------------------------------------------------------------
>
>
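
The "pointer-juggling" mentioned in the reply is the pointer field of the RFC 791 source-route option (type 131 for LSRR, 137 for SSRR). The following is an added example, not code from this thread or from fragroute: a parser a sensor could use to spot source-routed IPv4 headers and check whether the pointer is consistent with the route list. The function names and the sample header are constructed for illustration.

```python
import ipaddress
import struct

SOURCE_ROUTE = {131: "LSRR", 137: "SSRR"}  # RFC 791 option type values

def describe(kind, opt):
    """Decode one source-route option: type, length, pointer, route data."""
    length = opt[1]
    pointer = opt[2] if length >= 3 else 0
    # Route data holds whole 4-byte addresses; the pointer is an offset from
    # the option start, 4 at the sender, advanced by 4 at each listed hop.
    ok = (length - 3) % 4 == 0 and pointer >= 4 and pointer % 4 == 0
    hops = [str(ipaddress.IPv4Address(opt[j:j + 4])) for j in range(3, length, 4)] if ok else []
    used = (pointer - 4) // 4
    return {"type": SOURCE_ROUTE[kind], "pointer": pointer, "well_formed": ok,
            "recorded": hops[:used], "remaining": hops[used:]}

def find_source_route(header: bytes):
    """Return details of the first LSRR/SSRR option in an IPv4 header, else None."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (header[0] & 0x0F) * 4
    if ihl < 20 or len(header) < ihl:
        raise ValueError("bad IHL")
    opts, i = header[20:ihl], 0
    while i < len(opts) and opts[i] != 0:      # 0 = End of Option List
        if opts[i] == 1:                       # 1 = No-Operation, one byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("truncated option")
        if opts[i] in SOURCE_ROUTE:
            return describe(opts[i], opts[i:i + opts[i + 1]])
        i += opts[i + 1]
    return None

def sample_header(pointer=None):
    """Constructed test input: 203.0.113.5 -> 192.0.2.1, checksum left at 0."""
    opt = b""
    if pointer is not None:
        route = b"".join(ipaddress.IPv4Address(a).packed for a in ("198.51.100.7", "192.0.2.99"))
        opt = bytes([131, 3 + len(route), pointer]) + route + b"\x00"  # EOL pads to 32 bits
    return struct.pack("!BBHHHBBH4s4s", 0x45 + len(opt) // 4, 0, 20 + len(opt), 0, 0, 64, 6, 0,
                       ipaddress.IPv4Address("203.0.113.5").packed,
                       ipaddress.IPv4Address("192.0.2.1").packed) + opt

if __name__ == "__main__":
    for p in (4, 8, 12, 5):
        print(p, find_source_route(sample_header(p)))
```

A pointer greater than the option length means the route list is exhausted; a pointer that is below 4 or not a multiple of 4 is reported as not well formed.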


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:32 EDT