Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: tcp-traceroute

from [Renaud Deraison] Network Security [Permanent Link]
Subject: Re: tcp-traceroute
Date: Tue, 26 Oct 2004 09:25:27 -0400 
On Tue, Oct 26, 2004 at 12:52:08PM +0200, Thomas Springer wrote:

hi,

nessus does a traceroute, it says its an udp-trace.
isn't this really an icmp-trace?


All kind of traceroute (tcp or udp) is an icmp traceroute in the end -
the very basis of traceroute is to receive an ICMP unreach message from
the gateways on the way. So if a firewall on the way decides to block all
kind of outbound ICMP packets, your traceroute won't be complete no matter 
what kind of probe you sent in the first place.

As it has been pointed out, Nessus uses a TCP traceroute by default,
which is the more likely to work as we send packets to a TCP port that
is _known_ to be open. But that's not always sufficient.

If you're mapping a relatively small network (no more than 8 hops), you
probably want to use record_route.nasl (plugin#12264). It uses the IP
"record route" option, and is therefore _way_ more effective. The
downside is that (believe it or not) some incompetent vendors out there 
are selling routers/switches which _crash_ when they pass along an 
IP packet with the RR option set, which is why I had to change the type 
of this plugin to ACT_DESTRUCTIVE_ATTACK. So use it at your own risks.


                                -- Renaud
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: tcp-traceroute, Ron Gula
Next by Date:  Re: tcp-traceroute, Thomas Springer
Previous by Thread:  Re: tcp-traceroute, Ron Gula
Next by Thread:  Re: tcp-traceroute, Thomas Springer
Indexes:  [Date] [Thread] [Top] [All Lists]