On Tue, May 14, 2002 at 10:58:21AM -0500, Russ Foster wrote:
> Can anyone offer an avenue of direction on what I should look into next? Or
> how to go about determining where, exactly, this port is being blocked?
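Use firewalk. Or you can even use this stupid NASL script, which should
tell you at which hop the packet was blocked (be sure to allow ICMP
unreachable messages inbound; the script's capture filter also matches
ICMP time-exceeded replies, which it relies on to step from hop to hop).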
Usage :
nasl -t ip.of.the.remote.host fwalk.nasl
-- Renaud
#
# The script code starts here
#
# Probe state and capture-filter setup for the TTL walk below.
#
# 'finished' is the flag tested by the while() loop; it is only cleared here.
finished = 0;
# First probe is sent with TTL 1; the loop raises it by one per answered probe.
ttl = 1;
# One random IP ID, reused for every probe.
ip_id = rand();
# Local address: used as the probe source and as the "dst host" of the capture filter.
src = this_host();
# Target address (the host given with -t on the nasl command line).
dst = get_host_ip();
# NOTE(review): 'error' is not read anywhere in the visible script.
error = 0;
# Build a pcap filter for ICMP errors that quote our probe.
# icmp[0] is the ICMP type: 3 = destination unreachable, 11 = time exceeded.
# icmp[24]..icmp[27] are the destination address inside the quoted IP header
# (8-byte ICMP header + offset 16 of the embedded header), compared octet by
# octet against the target so that unrelated ICMP errors are ignored.
#
# The octets are peeled off the dotted-quad string in order: strstr() returns
# the tail starting at the next ".", and subtracting that tail from the
# current string is intended to leave the leading octet. Overwriting the
# tail's first character (the ".") with a space lets the next strstr() find
# the following dot. Statement order matters here.
str_ip = string(dst);
z = strstr(str_ip, ".");
filter = string("icmp and ((icmp[0]==3) or (icmp[0]==11)) ",
"and (icmp[24]==", str_ip-z,") ");
z[0]=" ";
t = strstr(z, ".");
filter = filter + string("and (icmp[25]==",z-t,") ");
t[0]=" ";
z = strstr(t, ".");
filter = filter + string("and (icmp[26]==", t-z, ") ");
z[0]=" ";
filter = filter + string("and (icmp[27]==", z, ")");
icmpfilter = filter;
# Probes go to TCP port 23 (dport) from source port 10123 (sport).
# (The original comment here named port 1241, which does not match dport.)
sport = 10123;
dport = 23;
# TCP replies: coming from the probed port back to our source port.
# NOTE(review): this clause does not pin the source address to the target, so
# any TCP segment from port 23 to local port 10123 would also match - confirm
# whether "src host <target>" should be added.
tcpfilter = string("tcp and src port ", dport, " and dst port ", sport);
# Final filter: traffic addressed to us that is either such a TCP reply or a
# matching ICMP error. From here on 'filter' holds the combined expression.
filter = string("dst host ", src, " and ((", tcpfilter, ") or (", icmpfilter, "))");
# NOTE(review): 'd' duplicates 'dst' and 'prev' is never read in the visible script.
d = get_host_ip();
prev = string("");
#
# the traceroute itself
#
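# TTL walk: send one TCP SYN per TTL value and classify the reply.
#
#   no reply after 5 tries   -> the probe was silently dropped around this hop
#   TCP reply with ACK set   -> the probe reached the target port
#   ICMP unreachable (3)     -> a device explicitly rejected the probe
#   ICMP time exceeded (11)  -> an intermediate hop answered; try the next TTL
#
# 'finished' is never set inside the loop; every outcome leaves through exit(0).
while(!finished)
{
  display("Hop #", ttl, "\n");

  # Bare 20-byte IPv4 header carrying the current TTL. No ip_dst is given
  # here; the original relies on the forge call's default for the target.
  ip = forge_ip_packet(ip_v : 4, ip_hl:5, ip_tos:0, ip_id:ip_id,
                       ip_len:20, ip_off:0, ip_p:IPPROTO_TCP,
                       ip_src:src, ip_ttl:ttl);

  # SYN to dport from sport; the sequence number is a fixed constant.
  tcp = forge_tcp_packet(ip:ip,
                         th_sport: sport,
                         th_dport: dport,
                         th_flags:TH_SYN,
                         th_seq: 3984,
                         th_ack: 0,
                         th_x2: 0,
                         th_off: 5,
                         th_win: 8192,
                         th_urp: 0);

  # Up to five attempts, each waiting one second for a packet matching 'filter'.
  rep = 0;
  for(i=0;((i<5) && (!rep));i=i+1)
  {
    rep = send_packet(tcp, pcap_active:TRUE, pcap_filter:filter, pcap_timeout:1);
  }

  if(!rep)
  {
    # Silence at this TTL while earlier TTLs were answered: dropped without notice.
    display("Packet seemed to have been blocked ", ttl, " hops away\n");
    exit(0);
  }

  proto = get_ip_element(ip:rep, element:"ip_p");
  if(proto == IPPROTO_TCP)
  {
    # A SYN|ACK or RST|ACK both mean the probe got through to the target.
    flag = get_tcp_element(tcp:rep, element:"th_flags");
    if(flag & TH_ACK)
    {
      display("Packet arrived safely\n");
      exit(0);
    }
  }
  else if(proto == IPPROTO_ICMP)
  {
    # The capture filter admits types 3 and 11 only. Type 3 is an explicit
    # rejection, so report it now: raising the TTL further would just draw the
    # same answer until the 50-hop guard trips, without ever naming the hop.
    itype = get_icmp_element(icmp:rep, element:"icmp_type");
    if(itype == 3)
    {
      display("Packet was rejected (ICMP unreachable from ",
              get_ip_element(ip:rep, element:"ip_src"),
              ") at most ", ttl, " hops away\n");
      exit(0);
    }
  }

  # Time exceeded (or a TCP reply without ACK): move one hop further out.
  ttl = ttl+1;

  # Safety stop so a routing loop or odd replies cannot keep the walk running.
  if(ttl > 50)
  {
    display("Uh-ho\n");
    exit(0);
  }
}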