Here's my scenario. I am a pentester. I've just found a
misconfigured firewall that allows any UDP traffic
through, so long as it has a source port of 53 (this type
of thing is quite common, you also often see source
port 80, 21 etc allowed in the same way.) I've scanned
through the firewall using nmap's -g switch to specify
source port udp/53 and would now like to start banging
on the services I've found, starting with SNMP. What I
want to do is run snmpwalk using netcat to force it to
use source port 53.
I believe it's possible to accomplish this using a
pipeline of multiple netcats and the -e switch, however
I can't get my head round how to do it. It would be
very very nice if it were possible to use a single
switch to turn netcat into an arbitrary port
multiplexer. Something like...
snmpwalk sends packets to port 161 on localhost. netcat
hears these packets and sends them straight on to port
161 on the target IP, *setting the source port to 53*
(in my case). It would also need to accept the
returning data and pipe it back into snmpwalk.
Feel free to administer liberal cluestick if I've
missed some obvious docs describing how to do this, if
it is and they exist.
Cluestick coordinates: firstname.lastname@example.org .
Many thanks for your time reading the above! and thanks
for the work so far.
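
Seen from the firewall's side, the rule described in the message above trusts a source port the sender chooses; the sketch below is an added example, not part of the original post, that contrasts that stateless rule with a check that only accepts source-port-53 packets answering a recent outbound query. The packet record layout, the 30-second state timeout and all addresses are assumptions constructed for the illustration.

```python
from collections import namedtuple

# Constructed sample traffic; addresses are documentation ranges (RFC 5737).
Pkt = namedtuple("Pkt", "ts direction src sport dst dport")

PACKETS = [
    Pkt(0.0, "out", "192.0.2.10", 40001, "198.51.100.5", 53),   # inside host's DNS query
    Pkt(0.1, "in",  "198.51.100.5", 53, "192.0.2.10", 40001),   # matching DNS reply
    Pkt(5.0, "in",  "203.0.113.7", 53, "192.0.2.20", 161),      # unsolicited, sport 53 -> SNMP
    Pkt(6.0, "in",  "203.0.113.7", 53, "192.0.2.20", 69),       # unsolicited, sport 53 -> TFTP
    Pkt(50.0, "in", "198.51.100.5", 53, "192.0.2.10", 40001),   # late "reply", state expired
]


def stateless_allows(pkt):
    """The misconfigured rule: permit inbound UDP purely on source port 53."""
    return pkt.direction == "in" and pkt.sport == 53


def unsolicited_sport53(packets, timeout=30.0):
    """Return inbound sport-53 packets that answer no recent outbound query."""
    state = {}      # (inside ip, inside port, outside ip) -> time of last query
    flagged = []
    for p in sorted(packets, key=lambda p: p.ts):
        if p.direction == "out" and p.dport == 53:
            # Record the query so that only its reverse tuple is accepted later.
            state[(p.src, p.sport, p.dst)] = p.ts
        elif p.direction == "in" and p.sport == 53:
            seen = state.get((p.dst, p.dport, p.src))
            if seen is None or p.ts - seen > timeout:
                flagged.append(p)
    return flagged


if __name__ == "__main__":
    for p in unsolicited_sport53(PACKETS):
        print(f"{p.ts:6.1f}s {p.src}:{p.sport} -> {p.dst}:{p.dport} "
              f"passes stateless rule: {stateless_allows(p)}")
```

Every flagged packet is one the stateless rule would have let through, which is the gap a stateful rule (or the same logic run over flow logs) closes.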