Security Basics mailing list archives

Re: Scanning hosts behind a NAT

From: "insecure" <insecure () yandex ru>
Date: Tue, 25 Apr 2006 15:42:30 +0400 (MSD)

Hi list ;),
I'm a student and I'm trying to learn how nmap does its job.
Today, for example, I tried to scan my home network ( ;) )... In fact,
I've 2 computers behind a router (which does wireless AP, router &
firewall: linksys wrt54g). Then, I tried to scan from "outside" the
network (aka: from a friend on the internet).
On the router (LAN ip: 192.168.1.1) , I've the port 6356 (Gnutella)
which is forwarded to 192.168.1.2 (my first pc).

When I tried to scan from outside, I obviously obtain:


Starting Nmap 4.01 ( http://www.insecure.org/nmap/ ) at 2006-04-22 18:26 CEST
Warning:  OS detection will be MUCH less reliable because we did not
find at least 1 open and 1 closed TCP port
Interesting ports on 80.13.xx.yy:
(The 1671 ports scanned but not shown below are in state: filtered)
PORT     STATE  SERVICE  VERSION
6346/tcp closed gnutella
Too many fingerprints match this host to give specific OS details

In fact, it was what I was expecting for. My question is how to scan
the hosts behind the router (NAT) ? Is it possible ?

Thanks

N.

-------------------------------------------------------------------------
This List Sponsored by: Webroot


AFAIK no, because of the NAT nature. It was designed to hide real network. In fact there are some methods to count 
hosts behind NAT (search history of the list and latest numbers of phrack), but that is all.

-- 
Roman Shirokov
Systems Administrator
85A4 8586 FEEE 171B D0F1  A9C1 27C8 A907 EE45 7D0E

http://securitybox.org.ru
e-mail: securitybox () softhome net



-------------------------------------------------------------------------
This List Sponsored by: Webroot

Don't leave your confidential company and customer records un-protected. 
Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no 
obligation. See why so many companies trust Spy Sweeper Enterprise to 
eradicate spyware from their networks.
FREE 30-Day Trial of Spy Sweeper Enterprise

http://www.webroot.com/forms/enterprise_lead.php
--------------------------------------------------------------------------

Current thread:

Scanning hosts behind a NAT Norbert François (Apr 24)
- Re: Scanning hosts behind a NAT Kenton Smith (Apr 24)
- Re: Scanning hosts behind a NAT Craig Van Tassle (Apr 25)
- Re: Scanning hosts behind a NAT insecure (Apr 25)