Re: More Linux routing problems

[David Fifield <david () bamsoftware com>]

On Mon, Feb 23, 2009 at 10:43:37AM -0800, PGNet wrote:
> On Mon, Feb 23, 2009 at 10:14 AM, David Fifield <david () bamsoftware com> wrote:
> > This case looks to be caused by some misconfiguration. See near the
> > bottom where there is
> >        /proc/net/route: Permission denied
> >        INET (IPv4) not configured in this system.
> >
> > Were these commands run as root?
>
> no.  in this case, this is a shared host (and i recognize that _may_
> be a deal-breaker ...). i'm escalated only to "my" user in "my" space
> -- i have no real 'root' access.

Thanks for the report. You are quite correct. The problem is caused by a
lack of root privileges.

> > The --privileged option will fail unless you are root.
>
> admittedly, rying either of the "other" options, namely
> '--unprivileged' or (nothing), complains abt that:
>
>   map -d9 -vvvvvvvv -PN -p42000-42100 --send-eth --unprivileged -sU
> my.domain.com
>     You requested a scan type which requires root privileges.
> QUITTING!
>
>   nmap -d9 -vvvvvvvv -PN -p42000-42100 --send-eth -sU my.domain.com
>     You requested a scan type which requires root privileges.
> QUITTING!

The --privileged option is for when Nmap thinks you don't have raw
packet sending privileges but you do. It doesn't help if you don't have
the privileges in the first place.

> _is_ it at all possible to do "this" sort of nmap scan from a shared host?

Unprivileged users are restricted in the types of scans they can do. UDP
is one of the root-only scans. Even if you can read /proc/net/route as
an unprivileged user, the OS won't let you create the raw sockets that
you need.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org