Penetration Testing mailing list archives
RE: Loose source routing for remote host discovery
From: "Dario Ciccarone" <dciccaro () cisco com>
Date: Thu, 8 May 2003 14:51:18 -0300
http://www.monkey.org/~dugsong/fragroute/

Didn't work for me - it doesn't really work as LSRR and SSRR should work. It just sets the option and copies the list of IP addresses you supply to the end of the packet - but doesn't do the actual source-routing pointer-juggling and such.

Good Luck. Let us all know if it worked for you :D

Dario

-----Original Message-----
From: Oliver Enzmann [mailto:oliver () cosec org]
Sent: Thursday, May 08, 2003 11:02 AM
To: pen-test () securityfocus com
Subject: Loose source routing for remote host discovery

Hello,

I need to discover hosts and services on remote subnets using nmap or similar. However, routes to/from some of these subnets have local significance only and are therefore not redistributed into the global routing tables. The lack of complete routing tables obviously causes end-to-end layer 3 connectivity and scanning of these subnets to fail.

What I need is a way to use loose source routing in combination with nmap - a way to mangle packets and add loose source routing information to the IP options before nmap's packets are sent out to the wire.

I've looked at netcat (-g option to add source routing information) but I would prefer to use nmap for the actual scanning. Also, hping2-rc2 seems to support source routing but I haven't tried it yet mainly because nmap is the tool of choice.

This is on Linux with kernel 2.4. Netfilter or iproute2 tricks would be definite possibilities.

TIA,
Oliver

--
Unix is sexy: "unzip", "strip", "touch", "mount", "sleep".
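
Added example (not part of the original posts): the "pointer-juggling" Dario mentions is the pointer field of the RFC 791 LSRR/SSRR option, and the same layout is what a filter or sensor reads to spot source-routed packets. This Python parser decodes it; the function names, the sample header and the documentation-range addresses are constructed for illustration.

```python
import ipaddress
import struct

SOURCE_ROUTE = {131: "LSRR", 137: "SSRR"}  # option type values from RFC 791

def find_source_route(packet: bytes):
    """Describe the LSRR/SSRR option in an IPv4 header, or return None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad header length")
    opts, i = packet[20:ihl], 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                      # End of Option List
            break
        if kind == 1:                      # No-Operation is a single byte
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("malformed option")
        length = opts[i + 1]
        if kind in SOURCE_ROUTE and length >= 3:
            ptr, data = opts[i + 2], opts[i + 3:i + length]
            hops = [str(ipaddress.IPv4Address(data[j:j + 4]))
                    for j in range(0, len(data) - 3, 4)]
            # The pointer counts from the option's first byte: 4 is the first
            # address slot, and length + 1 means the route is used up.
            ok = len(data) % 4 == 0 and ptr % 4 == 0 and 4 <= ptr <= length + 1
            used = (ptr - 4) // 4 if ok else 0
            # Slots before the pointer were overwritten by routers on the way.
            return {"kind": SOURCE_ROUTE[kind], "pointer": ptr, "well_formed": ok,
                    "recorded": hops[:used], "pending": hops[used:]}
        i += length
    return None

def sample_packet(pointer: int, with_option: bool = True) -> bytes:
    """Constructed header: NOP pad + LSRR with two documentation-range hops."""
    route = b"".join(ipaddress.IPv4Address(a).packed
                     for a in ("198.51.100.1", "203.0.113.9"))
    opts = bytes([1, 131, 3 + len(route), pointer]) + route if with_option else b""
    hlen = 20 + len(opts)
    return struct.pack("!BBHHHBBH4s4s", 0x40 | hlen // 4, 0, hlen, 0, 0, 64, 6,
                       0,  # checksum left at 0; the parser does not verify it
                       ipaddress.IPv4Address("192.0.2.10").packed,
                       ipaddress.IPv4Address("198.51.100.254").packed) + opts
```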
Current thread:
- Loose source routing for remote host discovery Oliver Enzmann (May 08)
- RE: Loose source routing for remote host discovery Dario Ciccarone (May 08)
- Re: Loose source routing for remote host discovery R. DuFresne (May 08)
- RE: Loose source routing for remote host discovery Dario Ciccarone (May 09)
- Re: Loose source routing for remote host discovery Oliver Enzmann (May 09)
- <Possible follow-ups>
- Re: Loose source routing for remote host discovery Chris McNab (May 09)