Security Basics mailing list archives
Re: Scanning hosts behind a NAT
From: "Craig Van Tassle" <craig () codestorm org>
Date: Mon, 24 Apr 2006 15:16:48 -0500 (CDT)
Hi list ;), I'm a student and I'm trying to learn how nmap does its job. Today, for example, I tried to scan my home network ( ;) )... In fact, I've 2 computers behind a router (which does wireless AP, router & firewall: linksys wrt54g). Then, I tried to scan from "outside" the network (aka: from a friend on the internet). On the router (LAN ip: 192.168.1.1) , I've the port 6356 (Gnutella) which is forwarded to 192.168.1.2 (my first pc). When I tried to scan from outside, I obviously obtain:
That is what you would get if you just went up to the front door and started knocking on it and asking what services they are running. A couple of options you may want to look into are FTP bounce scans, the various other scans that are avaliable with nmap, such as a SIN/FIN/XMAS scan. I know that its possible to ping some places and get past the firewall with various ICMP messages and UDP messages as well. Also look at the routing options avaliable to nmap. They may give you some help getting past NAT. But as the other poster said 99% of properly configured NATing routes will return only the external IP address, but just becuause some people say its not possible does not mean it is. Its just harder then a server with a true public IP. HTH ------------------------------------------------------------------------- This List Sponsored by: Webroot Don't leave your confidential company and customer records un-protected. Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no obligation. See why so many companies trust Spy Sweeper Enterprise to eradicate spyware from their networks. FREE 30-Day Trial of Spy Sweeper Enterprise http://www.webroot.com/forms/enterprise_lead.php --------------------------------------------------------------------------
Current thread:
- Scanning hosts behind a NAT Norbert François (Apr 24)
- Re: Scanning hosts behind a NAT Kenton Smith (Apr 24)
- Re: Scanning hosts behind a NAT Craig Van Tassle (Apr 25)
- Re: Scanning hosts behind a NAT insecure (Apr 25)