Nmap Development mailing list archives
Internal network scan
From: John Richard Moser <nigelenki () comcast net>
Date: Tue, 04 Dec 2007 13:17:11 -0500
In doing an idle scan I was wondering how to get inside the network with a port scan. Here is basically what I had:

    {Me} ----- {idle server} ----- {10.68.19.1 gw}
                                  /
                                 /
                        {inet_target}

I hit the inet_target with an idle scan, and through really bad banners I managed to find the internal address (and guess the gateway) for the idle server I was using. What I want to do is bounce packets off the internal gateway (and, of course, everything else) and find out wtf is going on in there. So for example:

    {Me} ---[SYN s:gw d:idl]--> {idl} ---[SYN/ACK]--> {gw}
                                      <--[WTF/RST]--
    {Me} ---[ACK s:gw d:idl]--> {idl} ---[WTF/RST]--> {gw}

I think the most you could accomplish here is...

- Non-existent machines will not send replies on anything
- Live machines will send an RST
- Unfiltered ports will send RST
- Filtered ports will send nothing

The question of course is how does the ipid change with this? RST does nothing... I can't think of another way to irritate the internal network and figure out how it's responding.

--
Bring back the Firefox plushy!
http://digg.com/linux_unix/Is_the_Firefox_plush_gone_for_good
https://bugzilla.mozilla.org/show_bug.cgi?id=322367

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org