RE: Loose source routing for remote host discovery

From: Dario Ciccarone (dciccaroat_private)
Date: Thu May 08 2003 - 10:51:18 PDT


    http://www.monkey.org/~dugsong/fragroute/
    
    Didn't work for me - it doesn't really work as LSRR and SSRR should
    work. It just sets the option and copies the list of IP addresses you
    supply to the end of the packet - but doesn't do the actual
    source-routing pointer-juggling and such. Good Luck. Let us all know if
    it worked for you :D
    
    
    Dario
    
    
    > -----Original Message-----
    > From: Oliver Enzmann [mailto:oliverat_private] 
    > Sent: Thursday, May 08, 2003 11:02 AM
    > To: pen-testat_private
    > Subject: Loose source routing for remote host discovery
    > 
    > 
    > Hello,
    > 
    > I need to discover hosts and services on remote subnets using nmap or
    > similar. However, routes to/from some of these subnets have local
    > significance only and are therefore not redistributed into the global
    > routing tables. The lack of complete routing tables obviously causes
    > end-to-end layer 3 connectivity and scanning of these subnets to fail.
    > 
    > What I need is a way to use loose source routing in combination with
    > nmap - a way to mangle packets and add loose source routing information
    > to the IP options before nmap's packets are sent out to the wire.
    > 
    > I've looked at netcat (-g option to add source routing information) but
    > I would prefer to use nmap for the actual scanning. Also, hping2-rc2
    > seems to support source routing but I haven't tried it yet mainly
    > because nmap is the tool of choice.
    > 
    > This is on Linux with kernel 2.4. Netfilter or iproute2 tricks would be
    > definite possibilities.
    > 
    > TIA, Oliver
    > -- 
    > Unix is sexy: "unzip", "strip", "touch", "mount", "sleep".
    
    



    This archive was generated by hypermail 2b30 : Thu May 08 2003 - 11:04:58 PDT
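
The "pointer-juggling" mentioned in the reply is the per-hop processing RFC 791 defines for the LSRR (type 131) and SSRR (type 137) options. The following is an added example, not code from the thread or from fragroute: it parses a source-route option out of raw IPv4 option bytes, as one would when inspecting a capture, and models the hop step. The function names, the sample bytes and the documentation-range addresses are constructed for illustration.

```python
import ipaddress

LSRR, SSRR = 131, 137  # option type octets defined in RFC 791

def parse_source_route(options: bytes):
    """Return (type, pointer, [addresses]) for the first LSRR/SSRR option, or None."""
    i = 0
    while i < len(options):
        opt = options[i]
        if opt == 0:                      # End of Option List
            break
        if opt == 1:                      # No-Operation is a single octet
            i += 1
            continue
        if i + 1 >= len(options):
            raise ValueError("truncated option")
        length = options[i + 1]
        if length < 2 or i + length > len(options):
            raise ValueError("bad option length")
        if opt in (LSRR, SSRR):
            if length < 3:
                raise ValueError("source route without pointer")
            pointer, data = options[i + 2], options[i + 3:i + length]
            # Pointer is relative to the option start; 4 is the first slot and
            # length + 1 means every slot has been consumed.
            if len(data) % 4 or pointer % 4 or not 4 <= pointer <= length + 1:
                raise ValueError("malformed source route")
            addrs = [str(ipaddress.IPv4Address(data[j:j + 4]))
                     for j in range(0, len(data), 4)]
            return opt, pointer, addrs
        i += length
    return None

def process_hop(dst, pointer, addrs, own_addr):
    """Apply the RFC 791 step performed by the node that owns dst."""
    length = 3 + 4 * len(addrs)
    if pointer > length:                  # route exhausted, dst is final
        return dst, pointer, addrs
    slot = (pointer - 4) // 4
    recorded = addrs[:slot] + [own_addr] + addrs[slot + 1:]
    return addrs[slot], pointer + 4, recorded   # next dst, advanced pointer

# Constructed sample: NOP pad, then LSRR with two documentation-range hops.
SAMPLE = bytes([1, LSRR, 11, 4]) + ipaddress.IPv4Address("192.0.2.1").packed \
         + ipaddress.IPv4Address("198.51.100.7").packed
```

An option whose pointer never advances past 4 while the destination field stays fixed matches the behaviour the reply describes: the option is present but the route is not actually being processed.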