Penetration Testing mailing list archives

Re: IP forwarding


From: batz <batsy () vapour net>
Date: Mon, 18 Jun 2001 16:29:35 -0400 (EDT)

On Sun, 17 Jun 2001, paul miles wrote:

:Does anyone know of methods that can be used to identify systems on a 
:network that will forward IP traffic?
:
:Whether they be routers or an NT or Linux system that is set up to route 
:traffic with a few static routes set up.

There are a few different ways to do this, which amount to playing
Find The Router.

Netmask style: ICMP type 17 (netmask request) to see if it is a part 
of a smaller subnet than other hosts on the network. 

Firewalk style: Get the range of IP addresses, choose a reasonable TTL
for your packets that is >= the number of hops you are away from the network
address of the netblock you are scanning, use port 25 or 80 or udp 53 and
watch for TTL exceeded messages from routers. If something doesn't respond
at all, increase the TTL by 1 until you either find the host, or it is 
totally improbable that there are that many routers that are suppressing
icmp unreachable messages. 

SNMP style: Check for ip.ipForward=1  on the interface. 

Routed style: Routed runs on udp/520. 

Zebra style: port 2601 for vty access, along with 179 for BGP and 2605 for
             zebra's BGPd. Just check /etc/services for various ports for
             routing protocols. There is no guarantee the host is routing, 
             but if these services are running, it's probably a safe bet. 


There are some easier ways if you are close to the network, or on it
using source routing, arp information, sniffing etc, but these should 
confirm it in most situations. 
 
--
batz
Reluctant Ninja
Defective Technologies
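One way to turn the checks above into a per-host audit, as an added example that is not part of the original post: a Python script that parses `ss -lntu`-style socket output for the routing-daemon ports named in the post (udp/520 for routed/RIP, tcp/179 for BGP, tcp/2601 and tcp/2605 for zebra) and combines that with the kernel's `net.ipv4.ip_forward` value or the IP-MIB `ipForwarding` object (OID 1.3.6.1.2.1.4.1, values forwarding(1) / notForwarding(2)), which is what the SNMP check in the post reads. The sample `ss` output and the sysctl/SNMP values passed in are constructed; the script queries nothing itself, so it runs offline, and the function names are this example's own.

```python
"""Audit helper: is this host likely forwarding IP traffic?

Signals, following the post: the kernel forwarding flag (authoritative;
the same value SNMP ipForwarding reports) and listening routing-daemon
ports (a strong hint, not proof).
"""

# Routing-daemon ports named in the post, keyed by (proto, port).
ROUTING_PORTS = {
    ("udp", 520): "routed / RIP",
    ("tcp", 179): "BGP",
    ("tcp", 2601): "zebra vty",
    ("tcp", 2605): "zebra bgpd vty",
}

# IP-MIB ipForwarding (1.3.6.1.2.1.4.1) enumeration values.
SNMP_FORWARDING = 1
SNMP_NOT_FORWARDING = 2

# Constructed sample output in the layout of `ss -lntu` (not a real capture).
SAMPLE_SS = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port
udp   UNCONN 0      0            0.0.0.0:520       0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:179       0.0.0.0:*
tcp   LISTEN 0      128        127.0.0.1:2601      0.0.0.0:*
"""


def parse_listening_sockets(ss_output):
    """Parse ss-style output into a set of (proto, port) tuples.

    Only the Netid and Local Address:Port columns are used, so the header
    line and minor layout differences between ss versions are tolerated.
    """
    sockets = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue  # header or a socket family we do not care about
        port = fields[4].rsplit(":", 1)[-1]  # handles 0.0.0.0:, [::]: and *:
        if port.isdigit():
            sockets.add((fields[0], int(port)))
    return sockets


def assess_forwarding(sysctl_ip_forward, snmp_ip_forwarding, listening):
    """Return (verdict, evidence) for one host.

    sysctl_ip_forward: int from /proc/sys/net/ipv4/ip_forward, or None if unknown
    snmp_ip_forwarding: IP-MIB ipForwarding value (1 or 2), or None if unknown
    listening: set of (proto, port) as produced by parse_listening_sockets()

    verdict is one of "forwarding", "not forwarding", "probable", "unknown".
    """
    evidence = []
    flag = None  # True/False once an authoritative flag is available
    if sysctl_ip_forward is not None:
        flag = sysctl_ip_forward == 1
        evidence.append(f"net.ipv4.ip_forward={sysctl_ip_forward}")
    if snmp_ip_forwarding is not None:
        snmp_says = snmp_ip_forwarding == SNMP_FORWARDING
        flag = snmp_says if flag is None else (flag or snmp_says)
        evidence.append(f"SNMP ipForwarding={snmp_ip_forwarding}")

    daemons = [(key, name) for key, name in sorted(ROUTING_PORTS.items())
               if key in listening]
    for (proto, port), name in daemons:
        evidence.append(f"{name} listening on {proto}/{port}")

    if flag is True:
        return "forwarding", evidence
    if flag is False:
        return "not forwarding", evidence  # daemon present but kernel not routing
    # No authoritative flag: the post's "probably a safe bet" case.
    return ("probable" if daemons else "unknown"), evidence


if __name__ == "__main__":
    sockets = parse_listening_sockets(SAMPLE_SS)
    verdict, evidence = assess_forwarding(None, None, sockets)
    print(verdict)
    for item in evidence:
        print("  -", item)
```

On a real host the first argument would come from reading `/proc/sys/net/ipv4/ip_forward`, and the second from an SNMP GET of `1.3.6.1.2.1.4.1.0`; the daemon ports alone only ever yield "probable", matching the post's caveat that a listening routing daemon does not guarantee the kernel is forwarding.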