Rogue Gateway Detection: Sender
This module sends a series of TCP SYN and ICMP ECHO requests to each internal target host, spoofing the source address of an external system running the rogue_recv module. Each target routes its reply toward that external address, which allows the system running the rogue_recv module to determine what external IP a given internal system is using as its default route.
Rank
- Normal
Authors
- hdm < hdm [at] metasploit.com >
Usage Information
$ msfconsole
msf > use auxiliary/scanner/rogue/rogue_send
msf auxiliary(rogue_send) > set EHOST [ADDRESS]
msf auxiliary(rogue_send) > set RHOSTS [TARGET HOST RANGE]
msf auxiliary(rogue_send) > run
Module Options
| Option | Description |
| --- | --- |
| CPORT | The source port for the TCP SYN packet (default: 13832) |
| ECHOID | The unique ICMP ECHO ID to embed into the packet (default: 7893) |
| EHOST | The IP address of the machine running rogue_recv |
| INTERFACE | The name of the interface |
| RHOSTS | The target address range or CIDR identifier |
| RPORT | The destination port for the TCP SYN packet (default: 80) |
| SNAPLEN | The number of bytes to capture (default: 65535) |
| THREADS | The number of concurrent threads (default: 1) |
| TIMEOUT | The number of seconds to wait for new data (default: 500) |
| GATEWAY | The gateway IP address. This will be used rather than a random remote address for the UDP probe, if set. |
| NETMASK | The local network mask. This is used to decide if an address is in the local network. |
| ShowProgress | Display progress messages during a scan |
| ShowProgressPercent | The interval in percent that progress should be shown |
| UDP_SECRET | The 32-bit cookie for UDP probe requests. |
| VERBOSE | Enable detailed status messages |
| WORKSPACE | Specify the workspace for this module |
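
A defender-side check for the probes described above, as an added example that is not part of the module or the Metasploit project: on an internal segment, a TCP SYN or ICMP echo request with an off-net source IP should only ever arrive from a gateway's MAC address. The frame-record fields, the sample addresses and the `find_spoofed_probes` name are assumptions; 13832 and 7893 are the CPORT and ECHOID defaults from the options table.

```python
import ipaddress
from collections import defaultdict

DEFAULT_CPORT = 13832   # CPORT default from the options table
DEFAULT_ECHOID = 7893   # ECHOID default from the options table

def find_spoofed_probes(frames, internal_nets, gateway_macs, min_targets=2):
    """Group off-net-source SYN/echo frames that were not forwarded by a gateway."""
    nets = [ipaddress.ip_network(n) for n in internal_nets]

    def inside(ip):
        return any(ipaddress.ip_address(ip) in n for n in nets)

    sweeps = defaultdict(lambda: {"targets": set(), "defaults": False})
    for f in frames:
        # An off-net source IP aimed at an internal host is only legitimate
        # when the frame's source MAC belongs to a gateway.
        if inside(f["src_ip"]) or not inside(f["dst_ip"]) or f["src_mac"] in gateway_macs:
            continue
        is_syn = f["proto"] == "tcp" and f.get("flags") == "S"
        is_echo = f["proto"] == "icmp" and f.get("icmp_type") == 8
        if not (is_syn or is_echo):
            continue
        sweep = sweeps[(f["src_mac"], f["src_ip"])]
        sweep["targets"].add(f["dst_ip"])
        # The defaults are configurable, so they only raise confidence.
        if (is_syn and f.get("sport") == DEFAULT_CPORT) or \
           (is_echo and f.get("icmp_id") == DEFAULT_ECHOID):
            sweep["defaults"] = True
    return [{"src_mac": mac, "spoofed_src": ip,
             "targets": sorted(s["targets"]), "default_markers": s["defaults"]}
            for (mac, ip), s in sorted(sweeps.items())
            if len(s["targets"]) >= min_targets]

# Constructed sample: frames seen by a sensor on 10.0.0.0/24 (hypothetical data).
GW, SENDER, OTHER = "00:00:5e:00:01:01", "02:00:00:00:00:aa", "02:00:00:00:00:cc"
SAMPLE = [
    {"src_mac": SENDER, "src_ip": "198.51.100.7", "dst_ip": "10.0.0.5", "proto": "tcp", "flags": "S", "sport": 13832},
    {"src_mac": SENDER, "src_ip": "198.51.100.7", "dst_ip": "10.0.0.5", "proto": "icmp", "icmp_type": 8, "icmp_id": 7893},
    {"src_mac": SENDER, "src_ip": "198.51.100.7", "dst_ip": "10.0.0.6", "proto": "tcp", "flags": "S", "sport": 13832},
    {"src_mac": GW, "src_ip": "203.0.113.9", "dst_ip": "10.0.0.5", "proto": "tcp", "flags": "S", "sport": 44321},
    {"src_mac": OTHER, "src_ip": "10.0.0.8", "dst_ip": "10.0.0.5", "proto": "tcp", "flags": "S", "sport": 50000},
    {"src_mac": OTHER, "src_ip": "192.0.2.44", "dst_ip": "10.0.0.9", "proto": "tcp", "flags": "S", "sport": 40000},
]

if __name__ == "__main__":
    for hit in find_spoofed_probes(SAMPLE, ["10.0.0.0/24"], {GW}):
        print(hit)
```

Ingress filtering on access ports (dropping frames whose source IP is outside the segment's prefix) prevents the probes outright; this check covers segments where that filtering is not in place.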
