From: Ben Timby (asp@webexc.com)
Date: Thu Jul 29 2004 - 15:58:29 EDT
Sorry, I forgot to copy the group with my reply, here it is (a bit late):
-- hello, I would investigate using a firewall like pf that would allow you to rewrite outbound packets. You may be able to accomplish it this way. RDR/NAT rules may be useful for this purpose. Also, you may be able to abuse proxy capabilities for your purpose. Another method may be to use packet factory type software like hping to simulate the protocols you wish to inspect. This may involve making packet caps of "real" sessions, and then writing shell scripts to "play these back" using hping or another packet generating tool of your choice, which allows you to set arbitrary payload, source ip/port, etc. One other thought is to use a udp reflector (you could write one) that would wait for connections on a particular udp port, and forward them to a specific host on a specific port from a specific port. This would be pretty simple software to write. Hope that helps! wnorth wrote: > So, I found something interesting during a pen test of an F5 3DNS device. > Just doing a simple UDP port scan against the device and sourcing my port as > udp/53 I was able to see all of the UDP services running. The next step > would have been to try and test these services by keeping my source port as > UDP/53. Anyone know of a way to do this, something like testing SNMP by > sourcing as UDP/53, or some other test. > > Suggestions are welcome. > > -wn > >
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:58 EDT