home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
OS/2 Shareware BBS: 35 Internet
/
35-Internet.zip
/
strob103.zip
/
strobe.txt
< prev
next >
Wrap
Text File
|
1998-12-31
|
10KB
|
265 lines
STROBE 1.03(1) STROBE 1.03(1)
N_A_M_E_
strobe - Super optimized TCP port surveyor
S_Y_N_O_P_S_I_S_
s_t_r_o_b_e_ [ -vVmdbepPAtnSilfsaM ] [host1 ... [hostn]]
D_E_S_C_R_I_P_T_I_O_N_
s_t_r_o_b_e_ is a network/security tool that locates and
describes all listening tcp ports on a (remote) host or on
many hosts in a bandwidth utilisation maximising, and pro-
cess resource minimizing manner.
_s_t_r_o_b_e approximates a parallel finite state machine inter-
nally. In non-linear multi-host mode it attempts to appor-
tion bandwidth and sockets amoung the hosts very effi-
ciently. This can reap appreciable gains in speed for
multiple distinct hosts/routes.
On a machine with a reasonable number of sockets, _s_t_r_o_b_e
is fast enough to port scan entire Internet sub domains.
It is even possible to survey an entire small country in a
reasonable time from a fast machine on the network back-
bone, provided the machine in question uses dynamic socket
allocation or has had its static socket allocation
increased very appreciably (check your kernel options). In
this very limited application _s_t_r_o_b_e is said to be faster
than I_S_S_2_._1_ (a high quality commercial security scanner by
cklaus@iss.net and friends) or P_i_n_g_W_a_r_e_ (also comercial).
O_P_T_I_O_N_S_
-_v_ Verbose output.
-_V_ Verbose statistical output.
-_m_ Minimise output. Only print hostname, port tuples.
Implies -_d_. Useful for automated output parsing.
-_d_ Delete duplicate entries for port descriptions. i.e
use only the first definition.
-_g_ Disable usage of g_e_t_p_e_e_r_n_a_m_e_(2). On s_o_l_a_r_i_s_ 2.3
machines this causes a core dump, for reasons
unknown. This behavior is fixed with s_o_l_a_r_i_s_ 2.4.
Under Linux, HP and perhaps other unix implimenta-
tions, false tcp connection positives may occurr
when this option is activated.
-_s_ Statistical information describing the average of
all hosts surveyed is sent to stderr on completion.
-_q_ Quiet mode. Don't print non-fatal errors or the (c)
message.
-_d_ Display only the first description in the port
1
STROBE 1.03(1) STROBE 1.03(1)
services entry file (Cf. -_B_).
-_o_ f_i_l_e_
Direct output (but not any messages which can be
affected by -_q_) to file.
-_b_ n_u_m_b_e_r_
Beginning (starting) port number.
-_e_ n_u_m_b_e_r_
Ending port number.
-_p_ n_u_m_b_e_r_
Port number if you intend to scan a single port.
-_P_ n_u_m_b_e_r_
Local port to bind outgoing connection requests to.
(you will normally need super-user privileges to
bind ports smaller than 1024)
-_A_ a_d_d_r_e_s_s_
Interface address to send outgoing connection
requests from for multi-homed machines.
-_t_ n_u_m_b_e_r_
Time after which a connection attempt to a com-
pletely unresponsive host/port is aborted.
-_n_ n_u_m_b_e_r_
Use this number of sockets in parallel (defaults to
64). s_t_r_o_b_e_ attempts to figure out if n_u_m_b_e_r_ is
greater than the quantity of available sockets at
any point in time -- and if so, only use the amount
found. On some UNIX implimentations such as
Solaris, this appears not to work correctly and you
may find yourself with unusual errors such as N_O_
R_O_U_T_E_ T_O_ H_O_S_T_ when you hit the socket ceiling.
Remember that _s_t_r_o_b_e probably isn't the only pro-
cess on the system desiring a socket or two. Having
_s_t_r_o_b_e pilfer all the spare sockets away from
i_n_e_t_d_(8) and other daemons and clients isn't such a
crash hot idea, unless you want to stop all new
incoming and outgoing connections.
-_S_ f_i_l_e_
Change the default port services description file
to f_i_l_e_. Note that if -_S_ is not specified port
services are loaded from one of s_t_r_o_b_e_._s_e_r_v_i_c_e_s_,
/_u_s_r_/_l_o_c_a_l_/_l_i_b_/_s_t_r_o_b_e_._s_e_r_v_i_c_e_s_, or
/_e_t_c_/_s_e_r_v_i_c_e_s_.
-_i_ f_i_l_e_
Obtain hostnames to strobe from f_i_l_e_ rather than
from the command line. Note that only the first
white-space seperated word in each line of f_i_l_e_ is
2
STROBE 1.03(1) STROBE 1.03(1)
used, so one can feed in files such as /_e_t_c_/_h_o_s_t_s_.
If filename is '_-_'_ , stdin will be used.
-_l_ Probe hosts linearly (sequentually) rather than in
parallel. The actual ports on each host are still
checked in a parallel manner (with a parallelism of
-_n_ (defaults to 64)).
-_f_ Fast mode, probe only the tcp ports detailed in the
port services file (see -_S_).
-_a_ n_u_m_b_e_r_
Abort and skip to the next host after ports upto to
n_u_m_b_e_r_ have been probed and still no connections
have occurred. Due to the parallel nature of the
probing, reply packets for n+m may return before
those relating to n. What this means is that ports
> n_u_m_b_e_r_ may be probed. If s_t_r_o_b_e_ see's a connec-
tion on any one of these higher ports before its
negated all possibility of a service listening on
ports <= n_u_m_b_e_r_ then despite the fact that all
ports up to and including n_u_m_b_e_r_ may turn out to be
connectionless, _s_t_r_o_b_e will `abort the abort'. This
is considered optimal, if unusual behavior.
-_M_ Mail a bug report, or tcp/udp port description to
the current source maintainer.
E_X_A_M_P_L_E_S_
strobe -n 120 -a 80 -i /etc/hosts -s -f -V -S services -o out
_s_t_r_o_b_e all entries in _/_e_t_c_/_h_o_s_t_s (identical ip addresses
are skipped automagically) using 120 sockets in parallel,
but only check the individual tcp ports mentioned in _s_e_r_-
_v_i_c_e_s. If we have probed up to port 80 on a host and have
still not yet evidenced a connection, then skip that host.
Display speed/time statistics for each host and for the
totality of hosts to stderr. Place the regular output in
_o_u_t.
ypcat hosts | strobe -p 80 -t 2 -A 203.4.184.1 -P 53
_s_t_r_o_b_e all hosts in your hosts YP/NIS-table for WWW-
servers. Use a timeout of two seconds. Set the source
address to the 203.4.184.1 interface. Make all connection
requests appear to come from port 53 (DNS).
_B_U_G_S
_S_t_r_o_b_e performs no other security functions (yet) and does
not verify route blocking against UDP or TCP handshake
sequence guessing one-way IP spoofing attacks.
3
STROBE 1.03(1) STROBE 1.03(1)
_A_U_T_H_O_R
_J_u_l_i_a_n _A_s_s_a_n_g_e
EMAIL:
strobe@suburbia.net
proff@suburbia.net
_O_F_F_I_C_A_L _D_I_S_T_R_I_B_U_T_I_O_N
ftp://suburbia.net:/pub/strobe.tgz
_C_O_P_Y_R_I_G_H_T
Copyright (c) Julian Assange 1995, All rights reserved.
This software maybe distributed only freely, in full and
without modification. It may not be bundled with any sort
of hardware or software if a fee is charged for that hard-
ware or software directly or indirectly, in whole or in
part. If you would like to include this software in such a
distribution then please contact the author to negotiate
reasonable (possibly free) terms.
The author shall not under any circumstances accept any
liability for this software, for its use, misuse, or any
failings it may have. Your on your own.
The author reserves the right to alter the aformentioned
conditions from time to time as he sees appropriate. The
author's most recent copyright notice and conditions for
this software always supersede any issued previously.
Use and or distribution of this software implies accep-
tance of the above.
_S_o _t_h_e_r_e.
_S_E_E _A_L_S_O
_n_s_l_o_o_k_u_p(1), _h_o_s_t(1), _d_i_g(1), _s_o_c_k_e_t(2), _b_i_n_d(2), _c_o_n_-
_n_e_c_t(2), _i_s_s(1).
4