New reconnaissance tool: 0trace

I’d like to announce the availability of a free security reconnaissance/firewall bypassing tool called 0trace, written by Michal Zalewski. This tool enables the user to perform hop enumeration (“traceroute”) within an established TCP connection, such as an HTTP or SMTP session, as opposed to sending stray packets, as traceroute-type tools usually do.

The important benefit of using an established connection and matching TCP packets to send a TTL-based probe is that such traffic is happily allowed through by many stateful firewalls and other defenses without further inspection (since it is related to an entry in the connection table).

The tool is available here (Linux version):
http://lcamtuf.coredump.cx/soft/0trace.tgz
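
Because these probes ride on an entry in the connection table, the place to notice them is a sensor behind the firewall: segments on an established flow that arrive with a TTL far below that flow's usual value. The sketch below is an added example, not part of 0trace or of the original post; the record layout, the thresholds and the sample packets are constructed assumptions.

```python
from collections import Counter, defaultdict

# Constructed sample records, not captured traffic:
# (time, src, sport, dst, dport, ttl) for TCP segments seen at the sensor.
SAMPLE = [
    (0.00, "198.51.100.7", 40312, "192.0.2.10", 80, 52),
    (0.01, "203.0.113.9", 51544, "192.0.2.10", 25, 115),
    (0.05, "198.51.100.7", 40312, "192.0.2.10", 80, 52),
    (0.06, "203.0.113.9", 51544, "192.0.2.10", 25, 115),
    (0.09, "198.51.100.7", 40312, "192.0.2.10", 80, 52),
    (0.10, "203.0.113.9", 51544, "192.0.2.10", 25, 115),
    (0.12, "198.51.100.7", 40312, "192.0.2.10", 80, 52),
    (0.20, "203.0.113.9", 51544, "192.0.2.10", 25, 114),  # small route change
    (1.00, "198.51.100.7", 40312, "192.0.2.10", 80, 1),   # TTL ramp inside
    (1.01, "198.51.100.7", 40312, "192.0.2.10", 80, 2),   # an established
    (1.02, "198.51.100.7", 40312, "192.0.2.10", 80, 3),   # flow
    (1.50, "198.51.100.7", 40312, "192.0.2.10", 80, 52),
    (1.60, "203.0.113.9", 51544, "192.0.2.10", 25, 115),
]

def find_ttl_anomalies(packets, min_baseline=3, min_drop=5):
    """Return (time, flow, baseline_ttl, seen_ttl) for segments whose TTL is
    at least min_drop below the flow's most common TTL so far.

    min_baseline: segments needed before a flow has a trusted baseline.
    min_drop: tolerance for ordinary path changes (assumed value; tune it).
    """
    history = defaultdict(Counter)  # flow -> TTL histogram of normal segments
    alerts = []
    for t, src, sport, dst, dport, ttl in packets:
        flow = (src, sport, dst, dport)
        hist = history[flow]
        if sum(hist.values()) >= min_baseline:
            baseline = hist.most_common(1)[0][0]
            if baseline - ttl >= min_drop:
                alerts.append((t, flow, baseline, ttl))
                continue  # keep flagged segments out of the baseline
        hist[ttl] += 1
    return alerts

def summarize(alerts):
    """Group flagged TTLs per flow; several rising values suggest a hop scan."""
    per_flow = defaultdict(list)
    for _, flow, _, ttl in alerts:
        per_flow[flow].append(ttl)
    return dict(per_flow)

if __name__ == "__main__":
    for flow, ttls in summarize(find_ttl_anomalies(SAMPLE)).items():
        print(flow, "low-TTL segments:", ttls)
```

The sensor has to sit on the path short of the hop where the segment's TTL runs out, otherwise it never sees the segment at all.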


