Penetration Testing mailing list archives
Re: Loose source routing for remote host discovery
From: Oliver Enzmann <oliver () cosec org>
Date: Thu, 8 May 2003 23:40:54 +0200
On Thursday 08 May 2003 21:46, R. DuFresne wrote:
> The main trouble you face is that while the tools and toys you are using might allow such 'loose source routing' the question and sticker might well be, "do the devices your specially crafted packets need to traverse also play the same game?"
It's an all Cisco network. Source routed packets should be forwarded fine if the last known and reachable Cisco along the path is used as a hop for LSRR. I doubt that source routing has been turned off using "no ip source-route" in their configs. As for the endpoints, I don't know. They need to be discovered first ;-)
> If those maintaining them have any salt to their meat, I'm betting they do not, and so your packets will only make it so far and then return information about route/host/service not found, etc.
Good point. I'll keep tcpdump logging all returned packets to a file. With a bit of postprocessing, I should be able to find out where the packets got stuck.
> You can toss packets at a device, but, if the device is not configed to play nicely with those packets, all the mangling in the world will not get that device to pass em. Of course, the devices meant to be traversed could have OS flaws or HW issues that fail them 'open' if they are hit hard enough or with truly mangled enough packets, but, not the thing one might wish to place bets upon
I'll have to play nicely. Kernel panics and BSODs are not an option.

Oliver
--
Unix is sexy: "unzip", "strip", "touch", "mount", "sleep".