Nmap Development mailing list archives

[NSE] nat-pmp-info


From: Patrik Karlsson <patrik () cqure net>
Date: Thu, 16 Sep 2010 18:57:03 +0200

Hi,

I noticed my router was running the nat-pmp protocol the other day and I quickly looked it up, wrote a script and disabled it ;)
The protocol is used to map a port on the external interface to a port on the internal LAN.
The communication is performed over UDP 5351 and there's no authentication.
So pretty much anyone on the internal LAN can request a port to be forwarded.
I haven't implemented the mapping part, only a request that retrieves the external IP of the router.

This request consists of two bytes, both being zero, and I noticed the response is triggered by several of the version scan probes.
However, I failed to extract the IP as information in the matchline as the IP is not returned as text but rather as 4 bytes.

I'm attaching the script and if you find it useful and something we should add to Nmap let me know and I'll commit it.

The specs are here:
http://files.dns-sd.org/draft-cheshire-nat-pmp.txt

Attachment: nat-pmp-info.nse

//Patrik
--
Patrik Karlsson
http://www.cqure.net
http://www.twitter.com/nevdull77
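
Added example (not part of the original post and not the attached nat-pmp-info.nse): a Python decoder for the external address reply described above, showing how the 4 raw address bytes become a dotted-quad string. The 12-byte layout and result codes follow the NAT-PMP specification linked in the post; the function names and the sample reply are constructed for illustration.

```python
import ipaddress
import socket
import struct

NATPMP_PORT = 5351
REQUEST = b"\x00\x00"  # version 0, opcode 0: external address request
RESULT_CODES = {0: "success", 1: "unsupported version", 2: "not authorized/refused",
                3: "network failure", 4: "out of resources", 5: "unsupported opcode"}

# Constructed sample reply: version 0, opcode 128, result 0,
# epoch 86400 s, external address 192.0.2.33 (documentation range).
SAMPLE = bytes.fromhex("00800000" "00015180" "c0000221")


def parse_external_address_response(data):
    """Decode a NAT-PMP external address reply into a dict."""
    if len(data) < 8:
        raise ValueError("response shorter than the 8-byte header")
    version, opcode, result, epoch = struct.unpack("!BBHI", data[:8])
    if version != 0 or opcode != 128:
        raise ValueError("not a NAT-PMP external address response")
    info = {"result": RESULT_CODES.get(result, "unknown (%d)" % result),
            "epoch_seconds": epoch}
    if result == 0:
        if len(data) < 12:
            raise ValueError("success reply is missing the 4 address bytes")
        # The address is 4 raw bytes in network order, not text.
        info["external_ip"] = str(ipaddress.IPv4Address(data[8:12]))
    return info


def query_gateway(gateway, timeout=2.0):
    """Ask a gateway you administer; returns None when nothing answers."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(REQUEST, (gateway, NATPMP_PORT))
            data, _ = sock.recvfrom(64)
        except OSError:  # timeout or ICMP unreachable: NAT-PMP not answering
            return None
    return parse_external_address_response(data)


if __name__ == "__main__":
    print(parse_external_address_response(SAMPLE))
```

A `None` from `query_gateway` after disabling NAT-PMP on the router confirms the service no longer answers on the LAN side.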




