Re: Loose source routing for remote host discovery

From: R. DuFresne (dufresne@sysinfo.com)
Date: Thu May 08 2003 - 15:46:59 EDT


The main trouble you face is that while the tools and toys you are using
might allow such 'loose source routing' the question and sticker might
well be, "do the devices your specially crafted packets need to traverse
also play the same game?" If those maintaining them have any salt to
their meat, I'm betting they do not, and so your packets will only make
it so far and then return information about route/host/service not found,
etc. You can toss packets at a device, but, if the device is not
configured to play nicely with those packets, all the mangling in the world
will not get that device to pass 'em. Of course, the devices meant to be
traversed could have OS flaws or HW issues that fail them 'open' if they
are hit hard enough or with truly mangled enough packets, but, not the
thing one might wish to place bets upon.

Thanks,

Ron DuFresne

On Thu, 8 May 2003, Oliver Enzmann wrote:

> Hello,
>
> I need to discover hosts and services on remote subnets using nmap or similar.
> However, routes to/from some of these subnets have local significance only
> and are therefore not redistributed into the global routing tables. The lack
> of complete routing tables obviously causes end-to-end layer 3 connectivity
> and scanning of these subnets to fail.
>
> What I need is a way to use loose source routing in combination with nmap -
> a way to mangle packets and add loose source routing information to the IP
> options before nmap's packets are sent out to the wire.
>
> I've looked at netcat (-g option to add source routing information) but I
> would prefer to use nmap for the actual scanning. Also, hping2-rc2 seems to
> support source routing but I haven't tried it yet mainly because nmap is the
> tool of choice.
>
> This is on Linux with kernel 2.4. Netfilter or iproute2 tricks would be
> definite possibilities.
>
> TIA, Oliver
>

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart
testing, only testing, and damn good at it too!


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:32 EDT