Penetration Testing mailing list archives
Loose source routing for remote host discovery
From: Oliver Enzmann <oliver () cosec org>
Date: Thu, 8 May 2003 16:02:12 +0200
Hello, I need to discover hosts and services on remote subnets using nmap or similar. However, routes to/from some of these subnets have local significance only and are therefore not redistributed into the global routing tables. The lack of complete routing tables obviously causes end-to-end layer 3 connectivity and scanning of these subnets to fail. What I need is a way to use loose source routing in combination with nmap - a way to mangle packets and add loose source routing information to the IP options before nmap's packets are sent out to the wire. I've looked at netcat (-g option to add source routing information ) but I would prefer to use nmap for the actual scanning. Also, hping2-rc2 seems to support source routing but I haven't tried it yet mainly because nmap is the tool of choice. This is on Linux with kernel 2.4. Netfilter or iproute2 tricks would be definite possibilities. TIA, Oliver -- Unix is sexy: "unzip", "strip", "touch", "mount", "sleep". --------------------------------------------------------------------------- Did you know that you have VNC running on your network? Your hacker does. Plug your security holes. Download a free 15-day trial of VAM: http://www.securityfocus.com/StillSecure-pen-test ----------------------------------------------------------------------------
Current thread:
- Loose source routing for remote host discovery Oliver Enzmann (May 08)
- RE: Loose source routing for remote host discovery Dario Ciccarone (May 08)
- Re: Loose source routing for remote host discovery R. DuFresne (May 08)
- RE: Loose source routing for remote host discovery Dario Ciccarone (May 09)
- Re: Loose source routing for remote host discovery Oliver Enzmann (May 09)
- <Possible follow-ups>
- Re: Loose source routing for remote host discovery Chris McNab (May 09)