Nmap Development mailing list archives
Re: Using Teredo to overcome lack of raw socket privileges
From: David Fifield <david () bamsoftware com>
Date: Wed, 20 Jun 2012 18:21:08 -0700
On Wed, May 23, 2012 at 08:57:36PM +0200, Kasper Dupont wrote:
> I did a grep through the nmap-6.00 and no such feature seems to exist so far. And I tried to search the mailing-list archives, and I found no indication that it has been considered before, so I'd like to ask what people think of this idea.
>
> Usually in order to make use of all the features in nmap, you need to have raw socket privileges. Without it, you are limited in what you can do. But with IPv6 there is another option, which I think is worth considering.
>
> The Teredo protocol was originally designed to tunnel IPv6 through IPv4 NAT gateways. It does that by tunnelling all IPv6 packets through UDP. However since using a UDP port does not require raw socket privileges, nmap could take advantage of it as well.
>
> Running a Teredo client and nmap on the same host requires privileges for both, but the privileges in that case are only required for the communication between the Teredo client and nmap running on the same machine. If a Teredo client was built into nmap, the need for privileges would be reduced to just being able to make use of a single UDPv4 port.
>
> Obviously the feature does have certain limitations. You are no longer on the same network segment as the target host, so any features that require you to be on the same segment will no longer work. However I guess most of those features would have required administrator privileges to begin with. Additionally you have a reduced MTU, and may also be affected by the reliability of Teredo (or rather lack thereof).
>
> But in cases where you are already on a different network segment from the target and don't have raw socket privileges, I think such a feature would often be useful.
>
> So my questions are: Did anybody already give it a try? And would such a feature be welcome in the nmap mainline?

This is an intriguing idea. Nobody has yet proposed it as far as I know. I can envision difficulties in implementation, but I'd be interested in seeing a patch. See the function send_ipv6_packet_eth_or_sd in tcpip.cc for the currently supported ways of sending raw IPv6 packets.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
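
The proposal in this thread depends on assembling the whole IPv6 packet in user space, so that an ordinary UDP socket is the only thing needed to carry it. The following C code is an added example, not part of the thread and not taken from Nmap's source: it builds an IPv6 header plus ICMPv6 echo request with a valid checksum, and covers only that packet-construction step. The function names and the sample addresses are made up for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* RFC 1071 one's-complement accumulation over a byte buffer. */
static uint32_t csum_add(uint32_t sum, const uint8_t *p, size_t len) {
    for (; len > 1; p += 2, len -= 2)
        sum += (uint32_t)(p[0] << 8 | p[1]);
    return len ? sum + (uint32_t)(p[0] << 8) : sum;
}

/* ICMPv6 checksum: IPv6 pseudo-header (src, dst, length, next header 58) + message. */
static uint16_t icmp6_checksum(const uint8_t *src, const uint8_t *dst,
                               const uint8_t *msg, size_t len) {
    const uint8_t tail[8] = {0, 0, (uint8_t)(len >> 8), (uint8_t)len, 0, 0, 0, 58};
    uint32_t sum = csum_add(csum_add(0, src, 16), dst, 16);
    sum = csum_add(csum_add(sum, tail, 8), msg, len);
    while (sum >> 16)
        sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* Fill buf (at least 48 bytes) with an IPv6 + ICMPv6 echo request; returns its length. */
size_t build_echo6(uint8_t *buf, const uint8_t *src, const uint8_t *dst,
                   uint16_t id, uint16_t seq) {
    uint8_t *icmp = buf + 40;                 /* ICMPv6 follows the 40-byte header */
    memset(buf, 0, 48);
    buf[0] = 0x60;                            /* version 6, class and flow label 0 */
    buf[5] = 8; buf[6] = 58; buf[7] = 64;     /* payload len, ICMPv6, hop limit */
    memcpy(buf + 8, src, 16);
    memcpy(buf + 24, dst, 16);
    icmp[0] = 128;                            /* echo request, code 0 */
    icmp[4] = (uint8_t)(id >> 8);  icmp[5] = (uint8_t)id;
    icmp[6] = (uint8_t)(seq >> 8); icmp[7] = (uint8_t)seq;
    uint16_t c = icmp6_checksum(src, dst, icmp, 8);
    icmp[2] = (uint8_t)(c >> 8);   icmp[3] = (uint8_t)c;
    return 48;
}

int main(void) {
    /* Constructed samples: a source under the Teredo prefix 2001:0::/32 and a
     * destination in the 2001:db8::/32 documentation range. */
    const uint8_t src[16] = {0x20,0x01,0,0,0xc0,0,2,1,0,0,0xfb,0xe6,0x3f,0xff,0xfd,0xfd};
    const uint8_t dst[16] = {0x20,0x01,0x0d,0xb8,0,0,0,0,0,0,0,0,0,0,0,1};
    uint8_t pkt[48];
    size_t n = build_echo6(pkt, src, dst, 0x1234, 1);
    /* A Teredo client would pass pkt as the payload of sendto() on a SOCK_DGRAM socket. */
    printf("%zu-byte packet, checksum %s\n", n,
           icmp6_checksum(pkt + 8, pkt + 24, pkt + 40, n - 40) == 0 ? "ok" : "bad");
    return 0;
}
```

Recomputing the checksum over a finished packet yields 0 when the stored checksum is correct, which is the check `main` prints.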