Bugtraq mailing list archives
STROBE v1.01 Super Optimised TCP port surveyor
From: proff () suburbia apana org au (Julian Assange)
Date: Thu, 9 Mar 1995 01:53:22 +1100 (EST)
The man page really describes it. The archive is: ftp://suburbia.apana.org.au:/pub/strobe.tgz -Proff === STROBE 1.01(1) STROBE 1.01(1) NAME strobe - Super optimised TCP port surveyor SYNOPSIS strobe [ -vVmdbetnSilfs ] [host1 ... [hostn]] DESCRIPTION strobe is a security/network tool that locates and describes all listening tcp ports on a (remote) host or on many hosts in a bandwidth utilisation maximising, and pro- cess resource minimising manner. strobe approximates a parallel finite state machine inter- nally. In non-linear multi-host mode it attempts to appor- tion bandwidth and sockets amoung the hosts very effi- ciently. This can reap appreciable gains in speed for multiple distinct hosts/routes. On a machine with a reasonable number of sockets, strobe is fast enough to port scan entire Internet sub domains. It is even possible to survey an entire small country in a reasonable time from a fast machine on the network back- bone, provided the machine in question uses dynamic socket allocation or has had its static socket allocation increased very appreciably (check your kernel options). In this limited application strobe is said to be faster and more flexible than ISS2.1 (an expensive, but verbose secu- rity checker by Christopher Klaus) or PingWare (also com- ercial, and even more expensive). OPTIONS -v Verbose output. -V Verbose statistical output. -m Minimise output. Only print hostname, port tuples. Implies -d. Useful for automated output parsing. -d Delete duplicate entries for port descriptions. i.e use only the first definition. -g Disable usage of getpeername(2). On solaris 2.3 machines this causes a core dump, for reasons unknown. This behavior is fixed with solaris 2.4. Under Linux and perhaps other unix implimentations, false tcp connection positives may occurr when this option is activated. -s Statistical information describing the average of all hosts surveyed is sent to stderr on completion. -q Quiet mode. Don't print non-fatal errors or the (c) message. 1 STROBE 1.01(1) STROBE 1.01(1) -d Display only the first description in the port ser- vices entry file (Cf. -B). -o file Direct output (but not any messages which can be affected by -q) to file. -b number Beginning (starting) port number. -e Ending port number. -t number Time after which a connection attempt to a com- pletely unresponsive host/port is aborted. -n number Use this number of sockets in parallel (defaults to 64). strobe attempts to figure out if number is greater than the quantity of available sockets at any point in time -- and if so, only use the amount found. On some UNIX implimentations such as Solaris, this appears not to work correctly and you may find yourself with unusual errors such as NO ROUTE TO HOST when you hit the socket ceiling. Remember that strobe probably isn't the only pro- cess on the system desiring a socket or two. Having strobe pilfer all the spare sockets away from inetd(8) and other daemons and clients isn't such a crash hot idea, unless you want to stop all new incoming and outgoing connections. -S file Change the default port services description file to file. Note that if -S is not specified port services are loaded from one of strobe.services, /usr/local/lib/strobe.services, or /etc/services. -i file Obtain hostnames to strobe from file rather than from the command line. Note that only the first white-space seperated word in each line of file is used, so one can feed in files such as /etc/hosts. -l Probe hosts linearly (sequentually) rather than in parallel. The actuall ports on each host are still checked in a parallel manner (with a parallelism of -n (defaults to 64)). -f Fast mode, probe only the tcp ports detailed in the port services file (see -S). -a number Abort and skip to the next host after ports to 2 STROBE 1.01(1) STROBE 1.01(1) number have been probed and still no connections have occurred. EXAMPLE strobe -n 120 -a 80 -i /etc/hosts -s -f -V -S services -o out strobe all entries in /etc/hosts (identical ip addresses are skipped automagically) using 120 sockets in parallel, but only check the individual tcp ports mentioned in ser- vices. If we have probed up to port 80 on a host and have still not yet evidenced a connection, then skip that host. Display speed/time statistics for each host and for the totality of hosts to stderr. Place the regular output in out. BUGS Strobe performs no other security functions (yet) and does not verify route blocking against UDP or TCP handshake sequence guessing one-way IP spoofing attacks. AUTHOR Julian Assange aka Proff EMAIL: strobe () suburbia apana org au proff () suburbia apana org au proff () four net proff () gnu ai mit edu HTML: http://suburbia.apana.org.au/~proff OFFICAL DISTRIBUTION ftp://suburbia.apana.org.au:/pub/users/proff/original/strobe.tgz COPYRIGHT Copyright (c) Julian Assange 1995, All rights reserved. This program maybe distributed only freely, in full and without modification. It may not be bundled with any sort of hardware or software, if a fee is charged for that hardware or software directly or indirectly, in whole or in part. If you would like to include this software in such prohibited distribution then please contact the author to negotiate reasonable terms. The author shall not under any circumstances accept any liability for this software, for its use, misuse, or any failings it may have. The author reserves the right to alter the aformentioned conditions from time to time as he sees appropriate. The author's most recent copyright notice and conditions for 3 STROBE 1.01(1) STROBE 1.01(1) this software always supersede any issued previously. Continued use of this software implies acceptance of the above. So there. SEE ALSO nslookup(1), host(1), dig(1), socket(2), bind(2), con- nect(2), iss(1).
Current thread:
- sigh. another Irix 5.2 hole. anthony baxter (Mar 06)
- Re: sigh. another Irix 5.2 hole. Paul 'Shag' Walmsley (Mar 07)
- Re: sigh. another Irix 5.2 hole. Norman P. B. Joseph (Mar 07)
- Request for subscription into the list Dayakar Veerlapati (Mar 07)
- Request for subscription into the list -=Where Eagles Dare=- (Mar 07)
- STROBE v1.01 Super Optimised TCP port surveyor Julian Assange (Mar 08)
- Re: STROBE v1.01 Super Optimised TCP port surveyor Mr Martin J Hargreaves (Mar 12)
- Re: STROBE v1.01 Super Optimised TCP port surveyor Julian Assange (Mar 12)
- Re: STROBE v1.01 Super Optimised TCP port surveyor John Studarus (Mar 12)
- Re: STROBE v1.01 Super Optimised TCP port surveyor Rodney Campbell (Mar 12)
- Re: STROBE v1.01 Super Optimised TCP port surveyor Scott D. Yelich (Mar 13)
- STROBE mirror Robert M. Haas (Mar 13)
- Re: STROBE mirror Michel Lavondes (Mar 14)
- STROBE 1.02 Julian Assange (Mar 14)
- Re: STROBE 1.02 Neil Woods (Mar 22)
- Sgi Xauthority Strangeness Paul Danckaert (Mar 14)