Nmap Development mailing list archives

Re: [NSE] Detecting IP forwarding


From: Daniel Miller <bonsaiviking () gmail com>
Date: Tue, 01 May 2012 13:30:34 -0500

On 04/22/2012 01:55 PM, Patrik Karlsson wrote:
Hi all,

I had a discussion about ip forwarding and "internet connection sharing"
with a friend the other day.
The discussion was about detecting multi-homed laptops having both the
wireless and wired network interfaces active and IP forwarding enabled.
I came up with the attached script which essentially tries to use each
scanned host as a gateway and sends a ping packet to a given target (either
on the same LAN or routed).
It then sees whether it gets an ICMP echo reply or redirect back and
determines whether the packet was forwarded or not.

I've tried it against Windows 7 connection sharing, my home router and an OS
X server with ip forwarding activated and it works as intended.
If there's another more efficient way to discover this, let me know,
otherwise I will commit the script within the next few days.

The script relies on some recent changes to packet.lua, so it needs this
library to be updated as well.

Cheers,
Patrik


_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/

Patrik,

Just tried this out, and I'm coming up with lots of false positives. Basically, because of parallelism, the pcap_receive() calls all succeed on the same packet, meaning all hosts in the same hostgroup as a machine with forwarding on will show positive. I've attached a patch that modifies the BPF to match the source mac against the target's mac, which seems to solve the problem. I had to borrow the format_mac function from targets-ipv6-multicast-echo, since the packet library doesn't have an equivalent (that I can find).

Dan

Attachment: ip-forwarding.patch
Description:
