Backtrack 2 : Information Gathering —> All —> Ass (Autonomous System Scanner)


ASS, the autonomous system scanner, is designed to find the AS of the router.
It supports the following protocols: IRDP, IGRP, EIGRP, RIPv1, RIPv2, CDP, HSRP
and OSPF.
In passive mode (./ass -i eth0), it just listens to routing protocol packets
(like broadcast and multicast hellos).
In active mode (./ass -i eth0 -A), it tries to discover routers by asking for
information. This is done to the appropriate address for each protocol (either
broadcast or multicast addresses). If you specify a destination address, this
will be used but may be not as effective as the defaults.
EIGRP scanning is done differently: While scanning, ASS listens for HELLO
packets and then scans the AS directly on the router that advertised itself.
You can force EIGRP scanning into the same AS-Scan behavior as IGRP uses by
giving a destination or into multicast scanning by the option -M.
For Active mode, you can select the protocols you want to scan for. If you
don't select them, all are scanned. You select protocols by giving the option -P
and any combination of the following chars: IER12, where:

* I = IGRP
* E = EIGRP
* R = IRDP
* 1 = RIPv1
* 2 = RIPv2

Usage is trivial:
./ass [-v[v[v]]] -i <interface> [-p] [-c] [-A] [-M] [-P IER12]
-a <autonomous system start> -b <autonomous system stop>
[-S <spoofed source IP>] [-D <destination ip>]
[-T <packets per delay>]

Where:
-i <interface> interface
-v verbose
-A this sets the scanner into active mode
-P <protocols> see above (usage: -P EIR12)
-M EIGRP systems are scanned using the multicast
address and not by HELLO enumeration and
direct query
-a <autonomous system> autonomous system to start from
-b <autonomous system> autonomous system to stop with
-S <spoofed source IP> maybe you need this
-D <destination IP> If you don’t specify this, the appropriate
address per protocol is used
-p don’t run in promiscuous mode (bad idea)
-c terminate after scanning. This is not
recommended since answers may arrive later and
you could see some traffic that did not show
up during your scans
-T <packets per delay> how many packets to send before waiting some
milliseconds (-T 1 is the slowest scan,
-T 100 begins to become unreliable)

(Source: http://www.mirrors.wiretapped.net/security/packet-construction/irpas/irpas-README.txt)
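To make the two scan mechanisms in the README concrete, here is an added Python example (not part of IRPAS or of the original post) that does in a few lines what ASS does on the wire: it pulls the AS number out of an EIGRP HELLO the way passive mode does, and it builds the per-AS IGRP request that the -a/-b sweep sends, verifying the one's-complement checksum on the way back. The header layouts follow the public EIGRP (20-byte header, AS in the last two bytes) and IGRP (12-byte header, AS in bytes 2-3) formats; the sample HELLO and the AS range are constructed for the example.

```python
"""Decode the headers ASS listens for (EIGRP HELLO, IGRP) and build the IGRP
request it sends while sweeping the -a..-b AS range.

Added example, not IRPAS code.  Packet layouts follow the public EIGRP and
IGRP header formats; the sample packets below are constructed by hand.
"""
import struct

EIGRP_PROTO = 88            # IP protocol number carrying EIGRP (224.0.0.10)
IGRP_PROTO = 9              # IP protocol number carrying IGRP
EIGRP_OPCODE_HELLO = 5
IGRP_OPCODE_UPDATE = 1
IGRP_OPCODE_REQUEST = 2


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words (odd length is padded)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def parse_eigrp(payload: bytes):
    """Return (opcode, asn) from a 20-byte EIGRP header, or None if it is not one.

    Passive mode needs nothing more than this: every HELLO carries the AS.
    """
    if len(payload) < 20:
        return None
    version, opcode, _csum, _flags, _seq, _ack, _vrid, asn = struct.unpack(
        "!BBHIIIHH", payload[:20])
    if version != 2:            # EIGRP header version is 2
        return None
    return opcode, asn


def parse_igrp(payload: bytes):
    """Return (opcode, asn) from a 12-byte IGRP header, or None if malformed."""
    if len(payload) < 12:
        return None
    ver_op, _edition, asn = struct.unpack("!BBH", payload[:4])
    if ver_op >> 4 != 1:        # IGRP version is always 1
        return None
    if inet_checksum(payload) != 0:   # checksum covers the whole datagram
        return None
    return ver_op & 0x0F, asn


def build_igrp_request(asn: int) -> bytes:
    """IGRP request for a single AS.

    A router only answers a request whose AS matches its own, which is why
    the scanner has to walk -a..-b one AS number at a time.
    """
    if not 0 <= asn <= 0xFFFF:
        raise ValueError("IGRP AS number must fit in 16 bits")
    header = struct.pack("!BBHHHHH",
                         (1 << 4) | IGRP_OPCODE_REQUEST,  # version 1, opcode 2
                         0,          # edition
                         asn,
                         0, 0, 0,    # no interior/system/exterior routes
                         0)          # checksum placeholder
    return header[:10] + struct.pack("!H", inet_checksum(header))


def as_scan(start: int, stop: int):
    """Yield (asn, packet) for the sweep ASS performs with -a <start> -b <stop>."""
    for asn in range(start, stop + 1):
        yield asn, build_igrp_request(asn)


# Constructed sample: an EIGRP HELLO (opcode 5) from a router in AS 100,
# followed by a Parameters TLV (type 1, length 12: K1..K5, reserved, hold time).
SAMPLE_EIGRP_HELLO = (
    struct.pack("!BBHIIIHH", 2, EIGRP_OPCODE_HELLO, 0, 0, 0, 0, 1, 100)
    + struct.pack("!HHBBBBBBH", 0x0001, 12, 1, 0, 1, 0, 0, 0, 15)
)

if __name__ == "__main__":
    print("EIGRP HELLO ->", parse_eigrp(SAMPLE_EIGRP_HELLO))
    for asn, pkt in as_scan(1, 3):
        print("IGRP request AS", asn, pkt.hex(), parse_igrp(pkt))
```

The EIGRP side is why HELLO enumeration is the cheaper default: the AS is in the header of every multicast HELLO, so no probing is needed once a router has announced itself. The IGRP side shows why -T matters: each AS number in the -a..-b range costs one request packet, and a router that is not in that AS stays silent, so "no answer" and "too fast for the wire" look the same.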

We used this command: ass -vvv -i eth0 -P EIR12 -M -a -p -D 192.168.1.1


That’s all.

pavs


