Network Security Pen-Test

Re: Using TTL to Locate Hosts

Subject: Re: Using TTL to Locate Hosts
Date: Thu, 30 Mar 2006 10:33:24 +0200
Hi,

It's a pretty open question. Do you want to know if the machine (networking stack in kernel) is up or the service?

TTL is a guide. When you send a packet, you are looking for a response. That response will contain a TTL. However, you don't know many things about that TTL. The most important thing you don't know is whether the TTL was set by the stack on the host or somewhere else, most often by a device between you and the host. This device can be a proxy for certain ports, like a cache proxy for HTTP port 80, or a "firewall".

The good thing is that, with the TTL, if through correlation you can identify where the response came from, you have your probable answer of "up".

There are tools, especially in HPING, that will help you do things such as firewalking (there is also a firewalking tool) and loose source routing, which both work with "hops" and end-effect TTLs in sending to achieve responses. Something as simple as traceroute and its derivatives (like tcptraceroute), especially when attempting certain settings (see the OSSTMM 2.11 modules on Logistics and Enumeration), will aid in eliciting responses. Every response counts, as it tells you something about the host.

Sincerely,
-pete.

Chris Hammer wrote:
Hello everyone, I had an interesting question posed to me earlier. The
question was "Could you use only the TTL of a packet to locate hosts and
verify they are up?" I know playing around with Tracert this could be
possible, or a crafted packet using HPING. Any other ideas or thoughts?
Thanks!
Chris
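The correlation Pete describes, as an added example that is not part of either message in the thread: given the hop distance to a target measured independently (traceroute or tcptraceroute) and the TTLs seen in replies to several different probes, infer each reply's initial TTL from the usual OS defaults, convert it to a hop distance, and flag replies that came from a device closer than the host (a proxy or firewall answering on its behalf). The defaults (64, 128, 255), the one-hop slack, and the sample reply TTLs are all assumptions constructed for illustration, not capture data.

```python
"""Correlate reply TTLs with a measured hop count to judge where a reply came from."""
from dataclasses import dataclass
from typing import Dict, Iterable, Tuple

# Usual initial TTL defaults (assumption: 64 for Linux/BSD/macOS, 128 for
# Windows, 255 for Solaris and many routers/firewalls).  Stacks can be tuned,
# so, as the post says, treat the result as a guide rather than proof.
INITIAL_TTLS = (64, 128, 255)


@dataclass
class Reply:
    """One response elicited from the target, or from something in front of it."""
    probe: str   # what was sent, e.g. "icmp-echo" or "tcp/80 syn"
    ttl: int     # TTL field of the reply's IP header


def infer_initial_ttl(ttl: int) -> int:
    """Pick the smallest common default that is >= the observed TTL.

    A reply TTL of 52 is far more likely 64-12 than 128-76, since 76-hop
    paths are rare.  A host with a non-default initial TTL will fool this.
    """
    for initial in INITIAL_TTLS:
        if ttl <= initial:
            return initial
    raise ValueError(f"TTL {ttl} does not fit the 8-bit field")


def hops_from_ttl(ttl: int) -> int:
    """Estimated number of routers the reply crossed before reaching us."""
    return infer_initial_ttl(ttl) - ttl


def classify_reply(reply: Reply, host_hops: int, slack: int = 1) -> str:
    """Say whether a reply plausibly came from the host's own stack.

    host_hops is the distance to the target measured separately (e.g. with
    traceroute).  A reply whose inferred distance matches it within `slack`
    came from the host; one that is clearly closer came from a device in the
    path answering on the host's behalf; anything farther away than the host
    means the initial-TTL guess is probably wrong, so we say "unknown".
    """
    distance = hops_from_ttl(reply.ttl)
    if abs(distance - host_hops) <= slack:
        return "host"
    if distance < host_hops:
        return "intermediate"
    return "unknown"


def correlate(replies: Iterable[Reply], host_hops: int) -> Tuple[Dict[str, str], bool]:
    """Return a verdict per probe plus an overall 'probably up' answer.

    The host is called up only if at least one reply correlates with the
    host's own hop distance; replies from intermediates prove nothing about it.
    """
    verdicts = {r.probe: classify_reply(r, host_hops) for r in replies}
    probably_up = any(v == "host" for v in verdicts.values())
    return verdicts, probably_up


# Constructed sample (not real capture data): traceroute put the target
# 12 hops away, and replies to four probes carried these TTLs.
SAMPLE_HOST_HOPS = 12
SAMPLE_REPLIES = [
    Reply("icmp-echo", 52),     # 64-12: answered by the host's stack
    Reply("tcp/22 syn", 52),    # 64-12: likewise
    Reply("tcp/80 syn", 246),   # 255-9: something 3 hops nearer (cache proxy?)
    Reply("tcp/443 syn", 246),  # 255-9: the same device intercepting 443
]

if __name__ == "__main__":
    verdicts, up = correlate(SAMPLE_REPLIES, SAMPLE_HOST_HOPS)
    for probe, verdict in verdicts.items():
        print(f"{probe:12s} -> {verdict} (about {hops_from_ttl(next(r.ttl for r in SAMPLE_REPLIES if r.probe == probe))} hops)")
    print("host probably up:", up)
```

Run against the sample, the ICMP and port 22 replies line up with the 12-hop traceroute and are attributed to the host, while the port 80 and 443 replies sit 9 hops out and are attributed to an intermediate device; the host is therefore judged up on the strength of the first two, not the last two. In practice, compare the TTL across several probe types to the same target, since a single reply TTL on its own cannot tell a host's answer from a firewall's.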


