[1201] in bugtraq

home help back first fref pref prev next nref lref last post

STROBE v1.01 Super Optimised TCP port surveyor

daemon@ATHENA.MIT.EDU (Julian Assange)
Wed Mar 8 13:32:26 1995

From: Julian Assange <proff@suburbia.apana.org.au>
To: bugtraq@fc.net
Date: Thu, 9 Mar 1995 01:53:22 +1100 (EST)

The man page really describes it. The archive is:




STROBE 1.01(1)                                  STROBE 1.01(1)

       strobe - Super optimised TCP port surveyor

       strobe [ -vVmdbetnSilfs ] [host1 ... [hostn]]

       strobe   is  a  security/network tool  that  locates  and
       describes all listening tcp ports on a (remote) host or on
       many hosts in a bandwidth utilisation maximising, and pro-
       cess resource minimising manner.

       strobe approximates a parallel finite state machine inter-
       nally. In non-linear multi-host mode it attempts to appor-
       tion bandwidth and sockets amoung  the  hosts  very  effi-
       ciently. This    can  reap  appreciable gains in speed for
       multiple distinct hosts/routes.

       On a machine with a reasonable number of sockets,  strobe
       is  fast enough to port scan entire Internet sub domains.
       It is even possible to survey an entire small country in a
       reasonable  time from a fast machine on the network back-
       bone, provided the machine in question uses dynamic socket
       allocation   or  has  had  its  static  socket  allocation
       increased very appreciably (check your kernel options). In
       this  limited  application strobe is said to be faster and
       more flexible than ISS2.1 (an expensive, but verbose secu-
       rity  checker by Christopher Klaus) or PingWare (also com-
       ercial, and even more expensive).

       -v     Verbose output.

       -V     Verbose statistical output.

       -m     Minimise output. Only print hostname, port  tuples.
              Implies -d.  Useful for automated output parsing.

       -d     Delete duplicate entries for port descriptions. i.e
              use only the first definition.

       -g     Disable usage of getpeername(2).  On  solaris  2.3
              machines  this  causes  a core  dump,  for reasons
              unknown. This behavior is fixed with  solaris  2.4.
              Under Linux and perhaps other unix implimentations,
              false tcp connection positives may occurr when this
              option is activated.

       -s     Statistical  information  describing the average of
              all hosts surveyed is sent to stderr on completion.

       -q     Quiet mode. Don't print non-fatal errors or the (c)


STROBE 1.01(1)                                  STROBE 1.01(1)

       -d     Display only the first description in the port ser-
              vices entry file (Cf.  -B).

       -o file
              Direct  output  (but  not any messages which can be
              affected by -q) to file.

       -b number
              Beginning (starting) port number.

       -e     Ending port number.

       -t number
              Time after which a connection  attempt  to  a  com-
              pletely unresponsive host/port is aborted.

       -n number
              Use this number of sockets in parallel (defaults to
              64).  strobe attempts to figure out  if  number  is
              greater  than  the quantity of available sockets at
              any point in time -- and if so, only use the amount
              found.   On   some  UNIX  implimentations such  as
              Solaris, this appears not to work correctly and you
              may  find yourself  with unusual errors such as NO
              ROUTE TO HOST when  you  hit  the socket  ceiling.
              Remember  that  strobe probably isn't the only pro-
              cess on the system desiring a socket or two. Having
              strobe  pilfer  all  the  spare  sockets  away from
              inetd(8) and other daemons and clients isn't such a
              crash  hot  idea, unless  you want to stop all new
              incoming and outgoing connections.

       -S file
              Change the default port services  description  file
              to  file. Note    that  if -S is not specified port
              services are loaded from  one  of strobe.services,
              /usr/local/lib/strobe.services, or /etc/services.

       -i file
              Obtain  hostnames to  strobe from file rather than
              from the command line. Note  that only  the  first
              white-space  seperated word in each line of file is
              used, so one can feed in files such as  /etc/hosts.

       -l     Probe  hosts linearly (sequentually) rather than in
              parallel. The actuall ports on each host are  still
              checked in a parallel manner (with a parallelism of
              -n (defaults to 64)).

       -f     Fast mode, probe only the tcp ports detailed in the
              port services file (see -S).

       -a number
              Abort  and  skip  to  the next host after ports to


STROBE 1.01(1)                                  STROBE 1.01(1)

              number have been probed and  still  no  connections
              have occurred.

       strobe  -n 120 -a 80 -i /etc/hosts -s -f -V -S services -o

       strobe all entries in /etc/hosts (identical  ip  addresses
       are  skipped automagically) using 120 sockets in parallel,
       but only check the individual tcp ports mentioned in  ser-
       vices.  If we have probed up to port 80 on a host and have
       still not yet evidenced a connection, then skip that host.
       Display  speed/time  statistics  for each host and for the
       totality of hosts to stderr. Place the regular  output  in

       Strobe performs no other security functions (yet) and does
       not verify route blocking against  UDP  or  TCP  handshake
       sequence guessing one-way IP spoofing attacks.

       Julian Assange aka Proff




       Copyright (c) Julian Assange 1995, All rights reserved.

       This program maybe distributed only freely,  in  full  and
       without modification.  It may not be bundled with any sort
       of hardware or software, if a  fee  is  charged  for  that
       hardware or  software directly or indirectly, in whole or
       in part. If you would like to  include  this  software  in
       such  prohibited distribution  then  please  contact  the
       author to negotiate reasonable terms.

       The author shall not under any  circumstances  accept  any
       liability  for  this software, for its use, misuse, or any
       failings it may have.

       The author reserves the right to alter  the  aformentioned
       conditions  from time to time as he sees appropriate. The
       author's most recent copyright notice and  conditions  for


STROBE 1.01(1)                                  STROBE 1.01(1)

       this software always supersede any issued previously.

       Continued  use  of this software implies acceptance of the

       So there.

       nslookup(1), host(1),  dig(1),  socket(2),  bind(2),  con-
       nect(2), iss(1).

home help back first fref pref prev next nref lref last post