Open secusoc opened 5 years ago
Hi all, I have strange things with masscan, works for other LAN/VLAN but not for mine
My conf
OS: RHEL 7.5

Masscan version 1.0.3 ( https://github.com/robertdavidgraham/masscan )
Compiled on: Jan 21 2017 12:09:31
Compiler: gcc 4.8.5 20150623 (Red Hat 4.8.5-11)
OS: Linux
CPU: unknown (64 bits)
GIT version: unknown

IP: 10.228.253.101

route:
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.228.255.254  0.0.0.0         UG    0      0        0 eth0
10.228.0.0      0.0.0.0         255.255.0.0     U     0      0        0 eth0
10.229.0.0      0.0.0.0         255.255.0.0     U     0      0        0 eth1
10.230.0.0      0.0.0.0         255.255.0.0     U     0      0        0 eth2
I) Test server on my LAN 10.228.253.100
a) Ping server via "PING" => OK
$ ping 10.228.253.100
64 bytes from 10.228.253.100: icmp_seq=1 ttl=64 time=1.02 ms
64 bytes from 10.228.253.100: icmp_seq=2 ttl=64 time=0.514 ms

$ sudo tcpdump -n -i any host 10.228.253.100 and 10.228.253.101
08:26:56.386772 IP 10.228.253.101 > 10.228.253.100: ICMP echo request, id 20256, seq 2, length 64
08:26:56.387247 IP 10.228.253.100 > 10.228.253.101: ICMP echo reply, id 20256, seq 2, length 64
b) Ping server via "MASSCAN" => KO
$ sudo masscan --ping 10.228.253.100 --max-rate 100
Starting masscan 1.0.3 (http://bit.ly/14GZzcT) at 2018-10-17 06:31:33 GMT
 -- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
Initiating SYN Stealth Scan
Scanning 1 hosts [1 port/host]

$ sudo tcpdump -n -i any host 10.228.253.100 and 10.228.253.101
(nothing)
c) Syn ssh via "NMAP" => OK
$ sudo nmap -P0 -p22 10.228.253.100
Host is up (0.00052s latency).
PORT   STATE SERVICE
22/tcp open  ssh
Nmap done: 1 IP address (1 host up) scanned in 0.08 seconds

$ sudo tcpdump -n -i any host 10.228.253.100 and 10.228.253.101
08:37:48.537231 IP 10.228.253.101.56689 > 10.228.253.100.ssh: Flags [S], seq 646278291, win 1024, options [mss 1460], length 0
08:37:48.537692 IP 10.228.253.100.ssh > 10.228.253.101.56689: Flags [S.], seq 564100738, ack 646278292, win 29200, options [mss 1460], length 0
08:37:48.537708 IP 10.228.253.101.56689 > 10.228.253.100.ssh: Flags [R], seq 646278292, win 0, length 0
d) Syn ssh via "MASSCAN" => KO
$ sudo masscan -p22 10.228.253.100 --max-rate 100
Starting masscan 1.0.3 (http://bit.ly/14GZzcT) at 2018-10-17 06:39:47 GMT
 -- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
Initiating SYN Stealth Scan
Scanning 1 hosts [1 port/host]

$ sudo tcpdump -n -i any host 10.228.253.100 and 10.228.253.101
(nothing)
II) Ping and Syn ssh via "MASSCAN" on other LAN
$ sudo masscan --ping 10.225.253.50 --max-rate 100
Starting masscan 1.0.3 (http://bit.ly/14GZzcT) at 2018-10-17 07:42:04 GMT
 -- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
Initiating SYN Stealth Scan
Scanning 1 hosts [1 port/host]
Discovered open port 0/icmp on 10.225.253.50

$ sudo tcpdump -n -i any host 10.225.253.50
09:42:04.400725 IP 10.225.253.50 > 10.228.253.101: ICMP echo reply, id 56505, seq 65149, length 56

$ sudo masscan -p22 10.225.253.50 --max-rate 100
Starting masscan 1.0.3 (http://bit.ly/14GZzcT) at 2018-10-17 07:44:07 GMT
 -- forced options: -sS -Pn -n --randomize-hosts -v --send-eth
Initiating SYN Stealth Scan
Scanning 1 hosts [1 port/host]
Discovered open port 22/tcp on 10.225.253.50

$ sudo tcpdump -n -i any host 10.225.253.50
09:44:07.537033 IP 10.225.253.50.ssh > 10.228.253.101.42247: Flags [S.], seq 2037267691, ack 2272701532, win 29200, options [mss 1460], length 0
09:44:07.537073 IP 10.228.253.101.42247 > 10.225.253.50.ssh: Flags [R], seq 2272701532, win 0, length 0
Then: on my LAN => no packets, on the other LAN masscan does the job? No security stuff in between, no iptables for the test...

Thanks for your help. Regards
Same issue. The reason is described under the option --router-mac. If you run Wireshark you'll see that masscan sends all LAN packets to the gateway MAC in the Ethernet frame.
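As an added diagnostic for the behaviour described in this thread (example code, not from the issue or from masscan itself), the Python script below parses the route table posted above, resolves the next hop for a target by longest-prefix match, and checks whether a captured frame's destination MAC is consistent with it: a host on the local subnet must be addressed by its own MAC (learned via ARP), and only off-link targets should go to the router's MAC. The MAC addresses are constructed placeholders.

```python
import ipaddress

# Route table constructed from the `route -n` output pasted in the issue.
ROUTE_TABLE = """\
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.228.255.254  0.0.0.0         UG    0      0        0 eth0
10.228.0.0      0.0.0.0         255.255.0.0     U     0      0        0 eth0
10.229.0.0      0.0.0.0         255.255.0.0     U     0      0        0 eth1
10.230.0.0      0.0.0.0         255.255.0.0     U     0      0        0 eth2
"""

# Constructed placeholder MACs: the default gateway's and the LAN target's.
GATEWAY_MAC = "00:00:5e:00:01:01"
TARGET_MAC = "02:00:00:00:00:64"


def parse_routes(text):
    """Parse `route -n` output into (network, gateway_or_None, iface) tuples."""
    routes = []
    for line in text.splitlines()[1:]:  # skip the header row
        dest, gw, mask, flags, *_rest, iface = line.split()
        net = ipaddress.IPv4Network(f"{dest}/{mask}")
        gateway = ipaddress.IPv4Address(gw) if "G" in flags else None
        routes.append((net, gateway, iface))
    return routes


def next_hop(routes, target):
    """Longest-prefix match; returns (gateway_or_None, iface).
    A gateway of None means the target is on-link, so the frame's
    destination MAC must be the target's own MAC, not the router's."""
    target = ipaddress.IPv4Address(target)
    best = max((r for r in routes if target in r[0]), key=lambda r: r[0].prefixlen)
    return best[1], best[2]


def frame_dst_ok(routes, target, frame_dst_mac, gateway_mac):
    """True if a frame to `target` carries a plausible destination MAC:
    the gateway MAC only when the route really goes via a gateway."""
    gateway, _ = next_hop(routes, target)
    sent_to_gateway = frame_dst_mac.lower() == gateway_mac.lower()
    return sent_to_gateway == (gateway is not None)


if __name__ == "__main__":
    routes = parse_routes(ROUTE_TABLE)
    # The issue's symptom: LAN target addressed to the gateway MAC -> not ok.
    print("LAN host via gateway MAC ok?", frame_dst_ok(routes, "10.228.253.100", GATEWAY_MAC, GATEWAY_MAC))
    print("remote host via gateway MAC ok?", frame_dst_ok(routes, "10.225.253.50", GATEWAY_MAC, GATEWAY_MAC))
```

Comparing the destination MAC of the first captured frame against this check explains why tcpdump on the scanner sees frames leaving yet the on-LAN host never answers.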