Nmap Development mailing list archives
Feature request : Nmap host and service mapping through a NAPT router
From: Mark Smith <nmap () nosense org>
Date: 09 Nov 2002 15:54:11 +1100
Hi,

At the request of a fellow ADSL user, I was invited to test the security of his ADSL router, using Network Address Port Translation. After performing an NMAP UDP scan against his public address, a number of services were shown to be available. Obviously most of them were being port forwarded to internal hosts.

What was interesting was that in my iptables logs, in addition to the IP headers of returned ICMP messages, the ICMP contents were also shown, listing the UDP packet that had caused the ICMP message. The IP header in the ICMP payload had not had "reverse" NAT performed on it as it left the internal device. This disclosed the internal IP address of the host.

I would like to suggest an option in NMAP to detect when the payload IP header and outer IP headers don't match in the returned ICMP message, and then display the payload IP address in addition to the outer IP address. This would allow the NMAP user to have a partial map of the IP addresses of the hosts behind the NAPT device, and a map of which UDP port is being forwarded to which internal host.

The discussion thread, showing the output I saw, is here: http://forums.whirlpool.net.au/forum-replies.cfm?t=45645

Btw, fyodor, and everyone else that has contributed to nmap - thanks. nmap is a marvelous tool.

Regards,
Mark.
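Added example, not part of the original message and not Nmap code: a check an administrator could run over ICMP port-unreachable replies captured while auditing their own NAPT device, comparing the outer source address with the destination address in the quoted datagram. The function names and all addresses (documentation ranges plus one RFC 1918 address) are constructed for illustration. It looks only at type 3, code 3, because that error is generated by the probed host itself; errors sent by intermediate routers legitimately carry a different outer source.

```python
import ipaddress
import struct

def ipv4_header(src, dst, proto, payload_len):
    """Build a minimal 20-byte IPv4 header (checksum left 0; sample data only)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64,
                       proto, 0, ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

def parse_ipv4(buf):
    """Return (src, dst, proto, header_len) for the IPv4 header at buf[0:]."""
    if len(buf) < 20 or buf[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (buf[0] & 0x0F) * 4
    if ihl < 20 or len(buf) < ihl:
        raise ValueError("truncated IPv4 header")
    src = ipaddress.IPv4Address(buf[12:16])
    dst = ipaddress.IPv4Address(buf[16:20])
    return src, dst, buf[9], ihl

def check_icmp_quote(packet):
    """Compare the outer source with the quoted datagram's destination.

    Returns None unless the packet is ICMP port unreachable (type 3, code 3)
    quoting a UDP datagram; for that error both addresses should match.
    """
    outer_src, _, proto, ihl = parse_ipv4(packet)
    icmp = packet[ihl:]
    if proto != 1 or len(icmp) < 8 or icmp[0] != 3 or icmp[1] != 3:
        return None
    quoted = icmp[8:]                      # quoted IP header + 8 bytes of UDP
    _, q_dst, q_proto, q_ihl = parse_ipv4(quoted)
    if q_proto != 17 or len(quoted) < q_ihl + 4:
        return None
    q_dport = struct.unpack("!H", quoted[q_ihl + 2:q_ihl + 4])[0]
    return {"outer_src": str(outer_src), "quoted_dst": str(q_dst),
            "quoted_dport": q_dport, "untranslated": outer_src != q_dst}

def sample(quoted_dst):
    """Constructed ICMP port-unreachable reply as seen by the scanning host."""
    udp = struct.pack("!HHHH", 40000, 161, 8, 0)
    quoted = ipv4_header("198.51.100.7", quoted_dst, 17, len(udp)) + udp
    icmp = struct.pack("!BBHI", 3, 3, 0, 0) + quoted
    return ipv4_header("203.0.113.10", "198.51.100.7", 1, len(icmp)) + icmp

LEAKY = check_icmp_quote(sample("192.168.1.20"))   # quote left un-translated
FIXED = check_icmp_quote(sample("203.0.113.10"))   # quote rewritten by the NAT
```

A result with `untranslated` set means the device forwards the ICMP error without rewriting the quoted header, which is the behaviour to fix or filter on the router.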