Penetration Testing mailing list archives

Re: Testing F5 3DNS


From: Ben Timby <asp () webexc com>
Date: Thu, 29 Jul 2004 14:58:29 -0500

Sorry, I forgot to copy the group with my reply, here it is (a bit late):

--
Hello, I would investigate using a firewall like pf that would allow you
to rewrite outbound packets. You may be able to accomplish it this way.
RDR/NAT rules may be useful for this purpose. Also, you may be able to
abuse proxy capabilities for your purpose.

Another method may be to use packet factory type software like hping to
simulate the protocols you wish to inspect. This may involve making
packet caps of "real" sessions, and then writing shell scripts to "play
these back" using hping or another packet generating tool of your
choice, which allows you to set arbitrary payload, source IP/port, etc.

One other thought is to use a UDP reflector (you could write one) that
would wait for connections on a particular UDP port, and forward them to
a specific host on a specific port from a specific port. This would be
pretty simple software to write.

Hope that helps!

wnorth wrote:

So, I found something interesting during a pen test of an F5 3DNS device.
Just doing a simple UDP port scan against the device and sourcing my port as
udp/53 I was able to see all of the UDP services running. The next step
would have been to try and test these services by keeping my source port as
UDP/53. Anyone know of a way to do this, something like testing SNMP by
sourcing as UDP/53, or some other test.

Suggestions are welcome.

-wn
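
The UDP reflector suggested in the reply, as an added example that is not code from either poster: it listens on one UDP port and relays each datagram to a fixed target from a fixed source port, which lets an ordinary client (an SNMP tool, for instance) be used in an authorized test of whether a filter trusts source port 53. The function names, addresses and ports are illustrative assumptions.

```python
import select
import socket


def make_reflector(listen_addr, target_addr, source_port):
    """Return (inbound, outbound) UDP sockets for a fixed-source-port relay."""
    inbound = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    inbound.bind(listen_addr)
    outbound = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    # Binding before sending pins the source port the target sees.
    # Ports below 1024, such as 53, normally require root.
    outbound.bind(("", source_port))
    # connect() on UDP makes the kernel discard datagrams from any other peer.
    outbound.connect(target_addr)
    return inbound, outbound


def relay_once(inbound, outbound, state, timeout=1.0):
    """Forward whatever is ready; remember the last client so replies return."""
    ready, _, _ = select.select([inbound, outbound], [], [], timeout)
    for sock in ready:
        try:
            if sock is inbound:
                data, state["client"] = inbound.recvfrom(65535)
                outbound.send(data)
            else:
                data = outbound.recv(65535)
                if "client" in state:
                    inbound.sendto(data, state["client"])
        except ConnectionRefusedError:
            # ICMP port unreachable came back: the target port is closed.
            state["refused"] = True
    return len(ready)


def run(listen_addr, target_addr, source_port):
    inbound, outbound = make_reflector(listen_addr, target_addr, source_port)
    state = {}
    while True:
        relay_once(inbound, outbound, state)


if __name__ == "__main__":
    # Constructed lab values: 192.0.2.10 is a documentation-range address.
    run(("127.0.0.1", 16100), ("192.0.2.10", 161), 53)
```

On the defensive side, a service that answers through this relay but not when queried from an ephemeral port indicates a filter rule keyed on source port alone.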
