Re: [PEN-TEST] mapping hosts behind a router with stringent ACL's

From: Shoten (shotenat_private)
Date: Tue Apr 10 2001 - 13:41:13 PDT


    Try Firewalk, from PacketFactory
    
    http://packetfactory.net
    
    It allows you to do a TCP equivalent of traceroute, whereby you increment
    the TTL of the SYN until you reach the destination.  I doubt you could map
    much more than the route between you and the web server(s), though, and for
    some reason I cannot remember, it fails when NAT takes place at the other
    end.
    
    ----- Original Message -----
    From: "Jason binger" <cisspstudyat_private>
    To: <PEN-TESTat_private>
    Sent: Thursday, April 05, 2001 8:33 AM
    Subject: [PEN-TEST] mapping hosts behind a router with stringent ACL's
    
    
    > I have a client that has a web farm only protected by
    > a router with stringent ACL's permitting TCP 80 and
    > 443. No ICMP is permitted.
    >
    > Some hosts are not contactable from the Internet as
    > there are ACL's blocking access to these hosts. Access
    > to these hosts is permitted from internal networks.
    >
    > I am wondering if it is possible to map these hosts
    > that have restrictive ACLs and determine their
    > whereabouts within the client supplied IP block?
    >
    > I have tried techniques such as firing ACK packets
    > hoping to elicit a RST, to no avail.
    >
    > I have tried techniques such as using nmap with source
    > ports of 21 and 53 and 80, still with no results.
    >
    > Can anyone help me here?
    >
    > I also would like to determine the IP address of the
    > outside interface of the router. (ICMP is being
    > dropped).
    >
    > Any help appreciated.
    >
    > Jason
    
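From the defender's side, the TTL-ramping SYN pattern Shoten describes is easy to spot at the border: a source sending SYNs to the same port whose IP TTL climbs in steps of one from very low values. The following is an added example, not code from this thread or from Firewalk; the packet records are constructed to look like what a border router or IDS sensor might export, and the `SynRecord` type, `LOW_TTL` threshold and `find_ttl_ramps` function are my own assumptions.

```python
"""Detect firewalk-style probing from logged TCP SYNs: one source, one
destination port, IP TTL climbing 1, 2, 3, ... within a short window.
Normal clients start at TTL 64/128/255 and arrive well above LOW_TTL."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class SynRecord:          # assumed record shape, one line per logged SYN
    ts: float             # seconds since capture start
    src: str
    dst: str
    dport: int
    ttl: int              # IP TTL as seen on arrival at the sensor


LOW_TTL = 16              # assumed threshold: legitimate traffic rarely arrives this low


def find_ttl_ramps(records, min_steps=3, window=30.0):
    """Return {(src, dst, dport): [ttls]} for flows whose SYN TTLs, taken in
    time order, form at least `min_steps` consecutive low values that each
    exceed the previous one by exactly 1, all inside `window` seconds."""
    flows = defaultdict(list)
    for rec in sorted(records, key=lambda r: r.ts):
        flows[(rec.src, rec.dst, rec.dport)].append(rec)
    hits = {}
    for key, pkts in flows.items():
        run = [pkts[0]]                       # current strictly +1 TTL run
        for prev, cur in zip(pkts, pkts[1:]):
            if (cur.ttl == prev.ttl + 1 and cur.ttl <= LOW_TTL
                    and cur.ts - run[0].ts <= window):
                run.append(cur)
            else:
                run = [cur]                   # ramp broken, start over
            if len(run) >= min_steps and len(run) > len(hits.get(key, [])):
                hits[key] = [p.ttl for p in run]
    return hits


# Constructed sample: one ramping prober and two ordinary web clients.
SAMPLE_RECORDS = [
    SynRecord(0.0, "203.0.113.7", "192.0.2.10", 80, 1),
    SynRecord(1.1, "203.0.113.7", "192.0.2.10", 80, 2),
    SynRecord(2.0, "203.0.113.7", "192.0.2.10", 80, 3),
    SynRecord(3.2, "203.0.113.7", "192.0.2.10", 80, 4),
    SynRecord(0.5, "198.51.100.5", "192.0.2.10", 443, 118),
    SynRecord(1.5, "198.51.100.5", "192.0.2.10", 443, 118),   # SYN retransmit
    SynRecord(2.5, "198.51.100.9", "192.0.2.11", 80, 52),
]

if __name__ == "__main__":
    for (src, dst, dport), ttls in find_ttl_ramps(SAMPLE_RECORDS).items():
        print(f"TTL ramp from {src} -> {dst}:{dport}: TTLs {ttls}")
```

A matching flow is worth correlating with ICMP time-exceeded messages leaving the border toward the same source, since those replies are what the probe is fishing for.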



    This archive was generated by hypermail 2b30 : Thu Apr 12 2001 - 23:09:00 PDT