RE: firewalk meets nmap - TTL (tested)

[Oliver Friedrichs <of () securityfocus com>]

> Lance, we should automate this somehow. This is a cool thing.
> But again correct configuration will prevent this from happening.

This is a really neat idea.  It should be easy to automate, if you 
add in some traceroute functionality to nmap to determine the hop
where packets are being dropped (this would be the firewall), then
you only need to specify an address on the internal network.  I think
nmap could use UDP/TCP ACK/ICMP traceroute functionality anyways.
And while your at it, make it parallel, send out 32 packets with
incrementing ttl's at the very start.. none of this 1 hop at a time
slowness.

- Oliver

--------------------------------------------------
For help using this (nmap-hackers) mailing list, send a blank email to 
nmap-hackers-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).