Nmap Development mailing list archives

Re: Scan via alternate gateway


From: Chris Frederick <cdf123 () cdf123 net>
Date: Tue, 23 Dec 2014 10:46:37 -0600

No, the other option I'm thinking of is I have a netbook with Kali Linux on it. I could plug that into the new DMZ subnet, launch a scan with -S using the IP of the other server. Then have a tcpdump running on the server during the scan to pick up any replies. I might have to resort to that if I can't get a clear time for the scan.

On 12/23/14 10:06, Robin Wood wrote:
Could you drop some type of VM on it and run the tests from there?

Robin

On 23 December 2014 at 16:03, Chris Frederick <cdf123 () cdf123 net> wrote:
Thanks, sounds like -g and policy routing with iptables would
have worked.

Unfortunately, I think I backed myself into a corner on this one.  Kernel
was built without CONFIG_IP_MULTIPLE_TABLES or CONFIG_NF_NAT.  :(  So since
I'll have to kick people off the server either way, I'll probably just do
some 'ip route add/del' commands to switch between the two gateways quick.

Thanks for the tips though.


On 12/22/14 17:44, Jacek Wielemborek wrote:

On 22.12.2014 at 23:59, Robin Wood wrote:

A quick thought, can you force nmap to use a fixed source port then
set up iptables to route anything from that source port through the
alternative gateway?

Robin


Yes, that should be possible using the -g option:

http://nmap.org/book/man-bypass-firewalls-ids.html#idm214689320608

As for the second part of the question, have a look here:

http://serverfault.com/q/225185/143824




_______________________________________________
Sent through the dev mailing list
http://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/
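
The fixed-source-port policy routing discussed in this thread, as an added example that is not code from any of the posters: it checks a kernel config file for the two options the thread names, then prints (without running) the iptables and ip commands. The function names, mark 0x1, table 100, interface eth1 and the 192.0.2.x addresses are assumptions made for the example.

```shell
#!/bin/sh
# Added example: prints the commands (dry run); nothing here changes the system.

# The two kernel options the thread names as missing on the scanning server.
REQUIRED_OPTS="CONFIG_IP_MULTIPLE_TABLES CONFIG_NF_NAT"

# Print each required option that is not built in (=y) or a module (=m).
missing_kernel_opts() {
    cfg=$1
    for opt in $REQUIRED_OPTS; do
        grep -Eq "^${opt}=(y|m)\$" "$cfg" || printf '%s\n' "$opt"
    done
}

# Print the setup that sends TCP traffic from one fixed source port via an
# alternate gateway. Args: sport gateway dev [snat_source].
# Mark 0x1 and table 100 are arbitrary values chosen for this example.
policy_route_cmds() {
    sport=$1 gw=$2 dev=$3 src=${4:-}
    mark=0x1 table=100
    case $sport in
        ''|*[!0-9]*) echo "invalid source port: $sport" >&2; return 1 ;;
    esac
    if [ "$sport" -lt 1 ] || [ "$sport" -gt 65535 ]; then
        echo "source port out of range: $sport" >&2; return 1
    fi
    # Mark locally generated packets that leave from the fixed source port.
    echo "iptables -t mangle -A OUTPUT -p tcp --sport $sport -j MARK --set-mark $mark"
    # Marked packets consult a separate routing table (needs CONFIG_IP_MULTIPLE_TABLES).
    echo "ip rule add fwmark $mark table $table"
    echo "ip route add default via $gw dev $dev table $table"
    # Assumption: the alternate gateway sits on another interface, so the source
    # address chosen before re-routing must be rewritten (needs CONFIG_NF_NAT).
    if [ -n "$src" ]; then
        echo "iptables -t nat -A POSTROUTING -o $dev -m mark --mark $mark -j SNAT --to-source $src"
    fi
    # The scan then uses the same port via the -g option, e.g. nmap -g 53 <target>
}

# Constructed sample values (192.0.2.0/24 is a documentation range).
policy_route_cmds 53 192.0.2.254 eth1 192.0.2.10
```

Remove the rule, route and iptables entries after the scan so ordinary traffic that happens to use the same source port is not diverted.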

