Discussion:
[NSE] Detecting IP forwarding
Patrik Karlsson
2012-04-22 18:55:10 UTC
Hi all,

I had a discussion about IP forwarding and "internet connection sharing"
with a friend the other day.
The discussion was about detecting multi-homed laptops having both the
wireless and wired network interfaces active and IP forwarding enabled.
I came up with the attached script which essentially tries to use each
scanned host as a gateway and sends a ping packet to a given target (either
on the same LAN or routed).
It then sees whether it gets an ICMP echo reply or redirect back and
determines whether the packet was forwarded or not.

I've tried it against Windows 7 connection sharing, my home router and an OS
X server with IP forwarding activated and it works as intended.
If there's another more efficient way to discover this, let me know,
otherwise I will commit the script within the next few days.

The script relies on some recent changes to packet.lua, so it needs this
updated library as well.

Cheers,
Patrik
--
Patrik Karlsson
http://www.cqure.net
http://twitter.com/nevdull77
Daniel Miller
2012-05-01 18:30:34 UTC
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
Patrik,

Just tried this out, and I'm coming up with lots of false positives.
Basically, because of parallelism, the pcap_receive() calls all succeed
on the same packet, meaning all hosts in the same hostgroup as a machine
with forwarding on will show positive. I've attached a patch that
modifies the BPF to match the source MAC against the target's MAC, which
seems to solve the problem. I had to borrow the format_mac function from
targets-ipv6-multicast-echo, since the packet library doesn't have an
equivalent (that I can find).

Dan
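
The false positive described in the message above, and the effect of adding a source-MAC term to the capture filter, as an added Python example that is not part of this thread, the attached script, or the patch. All addresses, host names and helper implementations are constructed for illustration (`format_mac` only borrows the name mentioned in the post), and the filter string is an assumed form of such a BPF expression.

```python
import struct

ICMP_ECHO_REPLY, ICMP_REDIRECT = 0, 5

def format_mac(mac: bytes) -> str:
    """Render 6 raw bytes in the colon-separated form a BPF 'ether src' term expects."""
    return ":".join(f"{b:02x}" for b in mac)

def bpf_for_host(host_mac: bytes, scanner_ip: str) -> str:
    """Per-host filter: ICMP echo reply or redirect to the scanner, sent by this host only."""
    return (f"ether src {format_mac(host_mac)} and icmp and (icmp[0] == {ICMP_ECHO_REPLY} "
            f"or icmp[0] == {ICMP_REDIRECT}) and dst host {scanner_ip}")

def build_frame(src_mac, dst_mac, src_ip, dst_ip, icmp_type):
    """Constructed Ethernet/IPv4/ICMP frame (checksums left zero; it is only parsed here)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 1, 0,
                     bytes(map(int, src_ip.split("."))), bytes(map(int, dst_ip.split("."))))
    return dst_mac + src_mac + b"\x08\x00" + ip + struct.pack("!BBHI", icmp_type, 0, 0, 0)

def matches(frame, scanner_ip, host_mac=None):
    """Filter logic in Python; host_mac=None models the filter without the MAC term."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x00":   # too short or not IPv4
        return False
    ihl = (frame[14] & 0x0F) * 4
    if frame[23] != 1 or len(frame) < 14 + ihl + 1:       # not ICMP or truncated
        return False
    dst_ip = ".".join(str(b) for b in frame[30:34])
    if dst_ip != scanner_ip or frame[14 + ihl] not in (ICMP_ECHO_REPLY, ICMP_REDIRECT):
        return False
    return host_mac is None or frame[6:12] == host_mac

def flagged_hosts(hostgroup, frames, scanner_ip, use_mac):
    """Scanned hosts for which any captured frame satisfies that host's filter."""
    return [name for name, mac in hostgroup.items()
            if any(matches(f, scanner_ip, mac if use_mac else None) for f in frames)]

# Constructed hostgroup scanned in parallel; only 'laptop' has forwarding enabled.
SCANNER_IP, SCANNER_MAC = "192.168.1.10", bytes.fromhex("020000000010")
HOSTGROUP = {"laptop": bytes.fromhex("0200000000aa"), "printer": bytes.fromhex("0200000000bb"),
             "desktop": bytes.fromhex("0200000000cc")}
# Assumed capture: one echo reply from the ping target, relayed onto the LAN by the laptop.
CAPTURE = [build_frame(HOSTGROUP["laptop"], SCANNER_MAC, "10.0.0.5", SCANNER_IP, ICMP_ECHO_REPLY)]

if __name__ == "__main__":
    print(bpf_for_host(HOSTGROUP["laptop"], SCANNER_IP))
    for use_mac in (False, True):
        print("MAC term:", use_mac, "->", flagged_hosts(HOSTGROUP, CAPTURE, SCANNER_IP, use_mac))
```

Without the MAC term every host in the group is reported from the same reply frame; with it only the forwarding host is.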
Patrik Karlsson
2012-05-01 19:10:39 UTC
Thanks, much appreciated! I've applied the patch as r28525.

//Patrik
--
Patrik Karlsson
http://www.cqure.net
http://twitter.com/nevdull77