Penetration Testing mailing list archives
RE: enumerating hosts behind a NAT box
From: "Zuromski, Brian" <brzurom () tycho ncsc mil>
Date: Fri, 10 Jun 2005 12:19:52 -0400
Thanks everyone....Alot of good info to start with!! -----Original Message----- From: Erik Kamerling [mailto:ekamerling () snaplen com] Sent: Friday, June 10, 2005 12:03 PM To: pen-test () securityfocus com Cc: Todd Towles; Zuromski, Brian Subject: Re: enumerating hosts behind a NAT box Idle scanning was conceived by Salvatore Sanfilippo in 1998 - before this paper was published I believe. This paper may provide you with some good info as well. http://www.caida.org/outreach/papers/2005/fingerprinting/ Best wishes and Good Luck! :-) Erik Kamerling On Friday 10 June 2005 11:49, Todd Towles wrote:
"A Technique for Counting NATted Hosts" - AT&T Labs Research http://www.cs.columbia.edu/~smb/papers/fnat.pdf It uses the IPID, like in Idlescanning. I can't remember exactly, but I think it was this paper that sparked the whole idlescanning idea, but I could be confused. -Todd-----Original Message----- From: Zuromski, Brian [mailto:brzurom () tycho ncsc mil] Sent: Friday, June 10, 2005 10:25 AM To: 'pen-test () securityfocus com' Subject: enumerating hosts behind a NAT box hello, I'm trying to design a network mapping program and need to know if there is a way to pickup (identify, count, os identification) any hosts behind a NAT box. Also identifying a NAT box in the first place would be useful. Anyone have any luck doing so before or know of a way? Thanks ~Brian
Current thread:
- enumerating hosts behind a NAT box Zuromski, Brian (Jun 10)
- RE: enumerating hosts behind a NAT box Leandro Reox (Jun 10)
- <Possible follow-ups>
- RE: enumerating hosts behind a NAT box Todd Towles (Jun 10)
- Re: enumerating hosts behind a NAT box Erik Kamerling (Jun 10)
- RE: enumerating hosts behind a NAT box Zuromski, Brian (Jun 10)