Re: Scanning hosts behind a NAT

["Craig Van Tassle" <craig () codestorm org>]

> Hi list ;),
> I'm a student and I'm trying to learn how nmap does its job.
> Today, for example, I tried to scan my home network ( ;) )... In fact,
> I've 2 computers behind a router (which does wireless AP, router &
> firewall: linksys wrt54g). Then, I tried to scan from "outside" the
> network (aka: from a friend on the internet).
> On the router (LAN ip: 192.168.1.1) , I've the port 6356 (Gnutella)
> which is forwarded to 192.168.1.2 (my first pc).
>
> When I tried to scan from outside, I obviously obtain:

That is what you would get if you just went up to the front door and
started knocking on it and asking what services they are running.  A
couple of options you may want to look into are FTP bounce scans, the
various other scans that are avaliable with nmap, such as a SIN/FIN/XMAS
scan.  I know that its possible to ping some places and get past the
firewall with various ICMP messages and UDP messages as well.  Also look
at the routing options avaliable to nmap. They may give you some help
getting past NAT.

But as the other poster said 99% of properly configured NATing routes will
return only the external IP address, but just becuause some people say its
not possible does not mean it is. Its just harder then a server with a
true public IP. HTH


-------------------------------------------------------------------------
This List Sponsored by: Webroot

Don't leave your confidential company and customer records un-protected. 
Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no 
obligation. See why so many companies trust Spy Sweeper Enterprise to 
eradicate spyware from their networks.
FREE 30-Day Trial of Spy Sweeper Enterprise

http://www.webroot.com/forms/enterprise_lead.php
--------------------------------------------------------------------------