Penetration Testing mailing list archives

RE: enumerating hosts behind a NAT box

From: "Todd Towles" <toddtowles () brookshires com>
Date: Fri, 10 Jun 2005 10:49:37 -0500

 
"A Technique for Counting NATted Hosts" - AT&T Labs Research
http://www.cs.columbia.edu/~smb/papers/fnat.pdf

It uses the IPID, like in Idlescanning. I can't remember exactly, but I
think it was this paper that sparked the whole idlescanning idea, but I
could be confused.

-Todd

-----Original Message-----
From: Zuromski, Brian [mailto:brzurom () tycho ncsc mil] 
Sent: Friday, June 10, 2005 10:25 AM
To: 'pen-test () securityfocus com'
Subject: enumerating hosts behind a NAT box

hello,
         I'm trying to design a network mapping program and 
need to know if there is a way to pickup (identify, count, os 
identification) any hosts behind a NAT box. Also identifying 
a NAT box in the first place would be
useful.   Anyone have any luck doing so before or know of a way?

Thanks
~Brian

Current thread:

enumerating hosts behind a NAT box Zuromski, Brian (Jun 10)
- RE: enumerating hosts behind a NAT box Leandro Reox (Jun 10)
- <Possible follow-ups>
- RE: enumerating hosts behind a NAT box Todd Towles (Jun 10)
  - Re: enumerating hosts behind a NAT box Erik Kamerling (Jun 10)
- RE: enumerating hosts behind a NAT box Zuromski, Brian (Jun 10)