Re: Failover route

Linux Advanced Routing and Traffic Control


 



On 3/16/19 12:04 PM, Erik Auerswald wrote:
Hi,

Hi,

Yeah, one needs to send a packet destined to the same machine out an interface. That might need some trickery.

The more that I think about it, the more that I think:

 · BFD-EM style to-be-routed packet might work better than ICMP.
 · link-net IPs shouldn't be a problem.

I remember some related trickery from a Project Zero blog post: googleprojectzero.blogspot.de/2015/12/fireeye-exploitation-project-zeros.html

Either I'm not understanding what you're referring to, or I don't see how essentially sniffing a (mirror / SPAN) port differs from what I said previously about sniffing traffic.

Or are you talking about applying sniffing to the BFD-EM frame?

A BFD daemon using RAW sockets (neither UDP nor TCP) might not need something like the above, similar to ping -I <Iface> -r <TargetIP>.

I'm really starting to question if I'm / we're not overcomplicating this.

I can't think of a reason why BFD-EM from & to the local link-net IP via the far end router's MAC address won't work.

The link-net IPs should only be used for things on the link. So I don't see any disadvantage of said IPs not being reachable if the link is down / down. Arguably, that's a state that BFD-EM should account for. The reason for using BFD-EM would want to know about such a down / down state.



--
Grant. . . .
unix || die
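
The frame described in the message above (from and to the local link-net IP, addressed at layer 2 to the far-end router's MAC), as an added example that is not part of the original message or of any BFD implementation. The function names, TTL of 255 and the `peer_forward` stand-in for the far-end router are assumptions; UDP port 3785 is the BFD echo port from RFC 5881.

```python
import socket
import struct

BFD_ECHO_PORT = 3785  # UDP port RFC 5881 assigns to BFD echo packets

def inet_csum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo_frame(local_mac, peer_mac, local_ip, payload):
    """L2 destination is the far-end router; L3 source and destination are both our link-net IP."""
    ip = socket.inet_aton(local_ip)
    # UDP checksum 0 means "not computed", which IPv4 permits.
    udp = struct.pack("!HHHH", BFD_ECHO_PORT, BFD_ECHO_PORT, 8 + len(payload), 0) + payload
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0x4000, 255,
                      socket.IPPROTO_UDP, 0, ip, ip)
    hdr = hdr[:10] + struct.pack("!H", inet_csum(hdr)) + hdr[12:]
    return peer_mac + local_mac + b"\x08\x00" + hdr + udp

def peer_forward(frame, peer_mac):
    """Constructed stand-in for the far-end router routing the packet back onto the link."""
    hdr = bytearray(frame[14:34])
    hdr[8] -= 1                      # router decrements TTL
    hdr[10:12] = b"\x00\x00"         # zero the checksum field, then recompute
    hdr[10:12] = struct.pack("!H", inet_csum(bytes(hdr)))
    return frame[6:12] + peer_mac + frame[12:14] + bytes(hdr) + frame[34:]

def is_looped_echo(frame, local_mac, local_ip, payload):
    """Accept only our own echo, returned to our MAC with an intact IP header."""
    if len(frame) < 42 or frame[:6] != local_mac or frame[12:14] != b"\x08\x00":
        return False
    ihl = (frame[14] & 0x0F) * 4
    hdr = frame[14:14 + ihl]
    if frame[14] >> 4 != 4 or ihl < 20 or len(hdr) < ihl or inet_csum(hdr) != 0:
        return False
    if hdr[9] != socket.IPPROTO_UDP or hdr[16:20] != socket.inet_aton(local_ip):
        return False
    udp = frame[14 + ihl:]
    if len(udp) < 8:
        return False
    _, dport, ulen, _ = struct.unpack("!HHHH", udp[:8])
    # Slice by the UDP length so Ethernet padding does not break the payload match.
    return dport == BFD_ECHO_PORT and udp[8:ulen] == payload
```

Putting the frame on the wire needs an `AF_PACKET` socket bound to the interface, which is left out so the block runs offline; a per-probe random payload keeps a stale or forged frame from being counted as a successful echo.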
