Penetration Testing mailing list archives
Re: Discovering hosts behind NAT
From: Wolfgang Zenker <wolfgang () jpaves de>
Date: Fri, 25 May 2001 14:27:12 +0200 (CEST)
Franklin DeMatto wrote:
How can hosts which are using RFC 1918 non-routed ip's be discovered and contacted?
Scenario:
A DNS Zone transfer, as well as usenet searches, indicate usage of RFC 1918 addresses for a certain domain name (let's call it internal.company.com). [..] There are two known network devices: a cisco, which seems totally silent, and a wellfleet router.
You could try to use "IP Source Routing" to contact internal hosts on the destination network. Some versions of ping allow you to set the source route option in your pakets using the "-g" option, you would use the outside router of the destination network as gateway and if that does not work, try to add a dmz host as second gateway. Wolfgang -- Wolfgang Zenker Mail: W.Zenker () jpaves de JPAVES Unix Online GmbH Fon: (+49) 721 / 955 40 60 Kaiserallee 87 Fax: (+49) 721 / 955 40 62 D-76185 Karlsruhe Web: www.jpaves.de
Current thread:
- Discovering hosts behind NAT Franklin DeMatto (May 22)
- Re: Discovering hosts behind NAT Javier Fernandez-Sanguino Peña (May 23)
- Re: Discovering hosts behind NAT Alex Butcher (May 23)
- Re: Discovering hosts behind NAT Wolfgang Zenker (May 25)
- <Possible follow-ups>
- Re: Discovering hosts behind NAT Test Working (May 24)
- RE: Discovering hosts behind NAT Dawes, Rogan (ZA - Johannesburg) (May 24)