Nmap Development mailing list archives
Re: Scan via alternate gateway
From: Robin Wood <robin@digi.ninja>
Date: Mon, 22 Dec 2014 22:59:09 +0000
A quick thought, can you force nmap to use a fixed source port then set up iptables to route anything from that source port through the alternative gateway? Robin On 22 December 2014 at 20:48, Chris Frederick <cdf123 () cdf123 net> wrote:
Hi all, I have a server that we are moving from one dmz into another. We are starting the migration and now have the server dual homed with an ethernet connection to both subnets, but the default gateway is still set to the old dmz. I was wondering if there's a way to nmap scan servers that this server connects to from the other gateway to see if there are any firewall issues from the new ip address, so we can see which servers we will need to address before the final switch over. It looks like it could be doable, but it seems I would be short one option. A combination of --send-eth and -S gets the packet setup right, and -e points it in the right direction, but it still needs a gateway to forward it off. The gateway is accessible, but if I switch the host over to the new one it could cause issues with people using the server. I've setup multiple routing tables and policy routing before, but I'd rather not go through all that hassle. Would it be difficult to add some kind of a "--mac-relay" or "--ip-relay" to force packets to be send via a specific gateway (other than the configured host's gateway)? Or am I way over simplifying this? Or is there another method I could use to scan these? Thanks in advance. Chris _______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
_______________________________________________ Sent through the dev mailing list http://nmap.org/mailman/listinfo/dev Archived at http://seclists.org/nmap-dev/
Current thread:
- Scan via alternate gateway Chris Frederick (Dec 22)
- Re: Scan via alternate gateway Robin Wood (Dec 22)
- Re: Scan via alternate gateway Jacek Wielemborek (Dec 22)
- Re: Scan via alternate gateway Chris Frederick (Dec 23)
- Re: Scan via alternate gateway Robin Wood (Dec 23)
- Re: Scan via alternate gateway Chris Frederick (Dec 23)
- Re: Scan via alternate gateway Jacek Wielemborek (Dec 22)
- Re: Scan via alternate gateway Robin Wood (Dec 22)