Nmap Development mailing list archives
[NSE] nat-pmp-info
From: Patrik Karlsson <patrik () cqure net>
Date: Thu, 16 Sep 2010 18:57:03 +0200
Hi, I noticed my router was running the nat-pmp protocol the other day and I quickly looked it up, wrote a script and disabled it ;) The protocol is used to map a port on the external interface to a port on the internal LAN. The communication is performed over udp 5351 and there's no authentication. So pretty much anyone on the internal LAN can request a port to be forwarded. I haven't implemented the mapping part but a request that retrieves the external IP of the router. This request consist of two bytes both being zero and I noticed the response is triggered by several of the version scan probes. However I failed to extract the IP as information in the matchline as the ip is not returned as text but rather as 4 bytes. I'm attaching the script and if you find it useful and something we should add to Nmap let me know and I'll commit it. The specs are here: http://files.dns-sd.org/draft-cheshire-nat-pmp.txt
Attachment:
nat-pmp-info.nse
Description:
//Patrik -- Patrik Karlsson http://www.cqure.net http://www.twitter.com/nevdull77
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev Archived at http://seclists.org/nmap-dev/
Current thread:
- [NSE] nat-pmp-info Patrik Karlsson (Sep 16)
- Re: [NSE] nat-pmp-info Patrik Karlsson (Sep 26)
- Re: [NSE] nat-pmp-info Tom Sellers (Sep 26)
- Re: [NSE] nat-pmp-info Patrik Karlsson (Sep 27)
- Re: [NSE] nat-pmp-info Fyodor (Sep 27)
- Re: [NSE] nat-pmp-info Daniel Miller (Sep 28)
- Re: [NSE] nat-pmp-info Patrik Karlsson (Sep 28)
- Re: [NSE] nat-pmp-info Tom Sellers (Sep 26)
- Re: [NSE] nat-pmp-info David Fifield (Sep 28)
- Re: [NSE] nat-pmp-info Patrik Karlsson (Sep 28)
- Re: [NSE] nat-pmp-info David Fifield (Sep 28)
- Re: [NSE] nat-pmp-info Patrik Karlsson (Sep 28)
- Re: [NSE] nat-pmp-info Patrik Karlsson (Sep 28)
- Re: [NSE] nat-pmp-info Patrik Karlsson (Sep 26)