Nmap Development mailing list archives
Using Teredo to overcome lack of raw socket privileges
From: Kasper Dupont <kasperd () bcrpb 23 may 2012 kasperd net>
Date: Wed, 23 May 2012 20:57:36 +0200
I did a grep through the nmap-6.00 and no such feature seems to exist so far. And I tried to search the mailing-list archives, and I found no indication that it has been considered before, so I'd like to ask what people think of this idea.

Usually in order to make use of all the features in nmap, you need to have raw socket privileges. Without it, you are limited in what you can do. But with IPv6 there is another option, which I think is worth considering.

The Teredo protocol was originally designed to tunnel IPv6 through IPv4 NAT gateways. It does that by tunnelling all IPv6 packets through UDP. However, since using a UDP port does not require raw socket privileges, nmap could take advantage of it as well.

Running a Teredo client and nmap on the same host requires privileges for both, but the privileges in that case are only required for the communication between the Teredo client and nmap running on the same machine. If a Teredo client was built into nmap, the need for privileges would be reduced to just being able to make use of a single UDPv4 port.

Obviously the feature does have certain limitations. You are no longer on the same network segment as the target host, so any features that require you to be on the same segment will no longer work. However, I guess most of those features would have required administrator privileges to begin with. Additionally you have a reduced MTU, and may also be affected by the reliability of Teredo (or rather lack thereof).

But in cases where you are already on a different network segment from the target and don't have raw socket privileges, I think such a feature would often be useful.

So my questions are: Did anybody already give it a try? And would such a feature be welcome in the nmap mainline?
--
Kasper Dupont -- Real men write their own backup programs
#define _(_)"d.%.4s%."_"2s" /* This is my email address */
char*_="@2kaspner"_()"%03"_("4s%.")"t\n";printf(_+11,_+6,_,12,_+2,_+7,_+6);
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
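Seen from the network side, the tunnelling described in the message above is an ordinary UDP datagram whose payload is a complete IPv6 packet. The following is an added example, not part of the original post and not Nmap code: it decodes a Teredo address and unwraps the inner IPv6 header from a UDP payload, using the field layout of RFC 4380. The sample address and packet are constructed from documentation address ranges, and all function names are hypothetical.

```python
import ipaddress
import struct

TEREDO_PREFIX = ipaddress.ip_network("2001::/32")  # Teredo prefix, RFC 4380
# Constructed sample: server 192.0.2.45, mapped 203.0.113.7:40000 (documentation ranges)
SAMPLE_ADDR = "2001:0:c000:22d:8000:63bf:34ff:8ef8"

def parse_teredo_address(addr):
    """Split a Teredo IPv6 address into its RFC 4380 fields, or return None."""
    ip = ipaddress.IPv6Address(addr)
    if ip not in TEREDO_PREFIX:
        return None
    _, server, flags, port, client = struct.unpack("!IIHHI", ip.packed)
    return {
        "server": str(ipaddress.IPv4Address(server)),
        "flags": flags,
        "mapped_port": port ^ 0xFFFF,              # port is stored inverted
        "mapped_addr": str(ipaddress.IPv4Address(client ^ 0xFFFFFFFF)),
    }

def decapsulate(udp_payload):
    """Return (src, dst, next_header, body) of the tunnelled IPv6 packet, or None."""
    data = udp_payload
    # Optional Teredo headers come first: authentication, then origin indication.
    if len(data) >= 4 and data[:2] == b"\x00\x01":
        data = data[13 + data[2] + data[3]:]       # 4 + ID + auth + nonce(8) + confirm(1)
    if data[:2] == b"\x00\x00":
        data = data[8:]                            # 2 + port(2) + IPv4 address(4)
    if len(data) < 40 or data[0] >> 4 != 6:        # need a full IPv6 header, version 6
        return None
    payload_len, next_header = struct.unpack("!HB", data[4:7])
    if len(data) < 40 + payload_len:               # truncated inner packet
        return None
    src = ipaddress.IPv6Address(data[8:24])
    dst = ipaddress.IPv6Address(data[24:40])
    return str(src), str(dst), next_header, data[40:40 + payload_len]

def constructed_sample():
    """Constructed UDP payload: origin indication + a Teredo bubble (no payload)."""
    src = ipaddress.IPv6Address(SAMPLE_ADDR).packed
    dst = ipaddress.IPv6Address("2001:db8::1").packed
    inner = struct.pack("!IHBB", 0x60000000, 0, 59, 64) + src + dst
    mapped = int(ipaddress.IPv4Address("203.0.113.7")) ^ 0xFFFFFFFF
    return b"\x00\x00" + struct.pack("!HI", 40000 ^ 0xFFFF, mapped) + inner

if __name__ == "__main__":
    print(parse_teredo_address(SAMPLE_ADDR))
    print(decapsulate(constructed_sample()))
```

Because the whole IPv6 packet is plain bytes inside a UDP payload, firewalls and monitoring that inspect only native IPv6 will not see this traffic unless they unwrap it as shown.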