http://www.monkey.org/~dugsong/fragroute/ Didn't work for me - it doesn't really work as LSRR and SSRR should work. It just sets the option and copies the list of IP addresses you supply to the end of the packet - but doesn't do the actual source-routing pointer-juggling and such. Good Luck. Let us all know if it worked for you :D Dario > -----Original Message----- > From: Oliver Enzmann [mailto:oliverat_private] > Sent: Thursday, May 08, 2003 11:02 AM > To: pen-testat_private > Subject: Loose source routing for remote host discovery > > > Hello, > > I need to discover hosts and services on remote subnets using > nmap or similar. > However, routes to/from some of these subnets have local > significance only > and are therefore not redistributed into the global routing > tables. The lack > of complete routing tables obviously causes end-to-end layer > 3 connectivity > and scanning of these subnets to fail. > > What I need is a way to use loose source routing in > combination with nmap - > a way to mangle packets and add loose source routing > information to the IP > options before nmap's packets are sent out to the wire. > > I've looked at netcat (-g option to add source routing > information ) but I > would prefer to use nmap for the actual scanning. Also, > hping2-rc2 seems to support source routing but I haven't > tried it yet mainly because nmap is the > tool of choice. > > This is on Linux with kernel 2.4. Netfilter or iproute2 > tricks would be > definite possibilities. > > TIA, Oliver > -- > Unix is sexy: "unzip", "strip", "touch", "mount", "sleep". > > > -------------------------------------------------------------- > ------------- > Did you know that you have VNC running on your network? > Your hacker does. > Plug your security holes. > Download a free 15-day trial of VAM: > http://www.securityfocus.com/StillSecure-pen-> test > > > -------------------------------------------------------------- > -------------- > > --------------------------------------------------------------------------- Did you know that you have VNC running on your network? Your hacker does. Plug your security holes. Download a free 15-day trial of VAM: http://www.securityfocus.com/StillSecure-pen-test ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Thu May 08 2003 - 11:04:58 PDT