Nmap Development mailing list archives
Re: broadcast address
From: "bingle2000 () hotmail com" <bingle2000 () hotmail com>
Date: Fri, 22 Aug 2003 12:30:44 +0800
cc:

That means 192.168.10.255 is a subnet broadcast address, and 2 extra hosts respond to the broadcast address ping. Those hosts are vulnerable to the smurf DoS attack. To find them, ping the broadcast address, and use a sniffer to find out who replies.

D:\>nmap -sP -n 192.168.0.1/24
Host 192.168.0.255 seems to be a subnet broadcast address (returned 5 extra pings).

D:\>ping 192.168.0.255
Pinging 192.168.0.255 with 32 bytes of data:
Reply from 192.168.0.255: bytes=32 time<10ms TTL=255
Reply from 192.168.0.255: bytes=32 time<10ms TTL=255

D:\>xsniff -icmp
Sniffing ICMP ... <Ctrl-C> to quit
ICMP 192.168.0.54->192.168.0.255 Bytes=28 TTL=128 Type: 8,0 ID=2 SEQ=5
ICMP 192.168.0.245->192.168.0.54 Bytes=28 TTL=255 Type: 0,0 ID=2 SEQ=5
ICMP 192.168.0.151->192.168.0.54 Bytes=28 TTL=255 Type: 0,0 ID=2 SEQ=5
ICMP 192.168.0.254->192.168.0.54 Bytes=28 TTL=255 Type: 0,0 ID=2 SEQ=5
ICMP 192.168.0.87->192.168.0.54 Bytes=28 TTL=255 Type: 0,0 ID=2 SEQ=5
ICMP 192.168.0.150->192.168.0.54 Bytes=28 TTL=255 Type: 0,0 ID=2 SEQ=5
ICMP 192.168.0.54->192.168.0.255 Bytes=28 TTL=128 Type: 8,0 ID=2 SEQ=6
ICMP 192.168.0.151->192.168.0.54 Bytes=28 TTL=255 Type: 0,0 ID=2 SEQ=6
ICMP 192.168.0.245->192.168.0.54 Bytes=28 TTL=255 Type: 0,0 ID=2 SEQ=6
ICMP 192.168.0.254->192.168.0.54 Bytes=28 TTL=255 Type: 0,0 ID=2 SEQ=6
ICMP 192.168.0.87->192.168.0.54 Bytes=28 TTL=255 Type: 0,0 ID=2 SEQ=6
ICMP 192.168.0.150->192.168.0.54 Bytes=28 TTL=255 Type: 0,0 ID=2 SEQ=6

So the hosts are 192.168.0.245 & 192.168.0.151 & 192.168.0.254 & 192.168.0.87 & 192.168.0.150

======= 2003-08-22 11:14:00 =======
Hi,

When I do a nmap -sP 192.168.10.0/24, I always get this at the end:

Host 192.168.10.255 seems to be a subnet broadcast address (returned 2 extra pings). Note -- the actual IP also responded.

Can someone point out how I might be able to tell which system is responding to the broadcasts? While it isn't a security issue as the broadcasts don't get thrown into the Internet, I am a bit concerned.

Thanks.

---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).
bingle2000
bingle2000 () hotmail com
2003-08-22
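
The matching done by eye in the reply above can be automated. The following is an added example, not part of the original messages: it pairs each echo request (Type 8,0) sent to the broadcast address with the echo replies (Type 0,0) carrying the same ID and SEQ, and lists the hosts that answered. The function name, the regular expression and the final unrelated sample line are assumptions made for this illustration; the other sample lines are copied from the capture above.

```python
import re
from collections import defaultdict

# Line layout as printed by the sniffer in the message above.
LINE_RE = re.compile(
    r"ICMP (?P<src>[\d.]+)->(?P<dst>[\d.]+) Bytes=\d+ TTL=\d+ "
    r"Type: (?P<type>\d+),(?P<code>\d+) ID=(?P<id>\d+) SEQ=(?P<seq>\d+)"
)


def broadcast_responders(lines, broadcast):
    """Return {host: reply_count} for hosts that answered an echo request
    sent to `broadcast`. Replies are matched to requests by (ID, SEQ) and
    must be addressed to the host that sent the request."""
    pending = {}                 # (id, seq) -> address of the requester
    counts = defaultdict(int)
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue             # banner lines, blanks, non-ICMP noise
        key = (m["id"], m["seq"])
        if m["type"] == "8" and m["dst"] == broadcast:
            pending[key] = m["src"]      # echo request to the broadcast address
        elif m["type"] == "0" and pending.get(key) == m["dst"]:
            counts[m["src"]] += 1        # echo reply going back to the requester
    return dict(counts)


# SEQ=5 exchange copied from the capture above; the last line is constructed
# (an unrelated unicast reply) to show that it is not counted.
SAMPLE = """\
Sniffing ICMP ... <Ctrl-C> to quit
ICMP 192.168.0.54->192.168.0.255 Bytes=28 TTL=128 Type: 8,0 ID=2 SEQ=5
ICMP 192.168.0.245->192.168.0.54 Bytes=28 TTL=255 Type: 0,0 ID=2 SEQ=5
ICMP 192.168.0.151->192.168.0.54 Bytes=28 TTL=255 Type: 0,0 ID=2 SEQ=5
ICMP 192.168.0.254->192.168.0.54 Bytes=28 TTL=255 Type: 0,0 ID=2 SEQ=5
ICMP 192.168.0.87->192.168.0.54 Bytes=28 TTL=255 Type: 0,0 ID=2 SEQ=5
ICMP 192.168.0.150->192.168.0.54 Bytes=28 TTL=255 Type: 0,0 ID=2 SEQ=5
ICMP 192.168.0.10->192.168.0.54 Bytes=28 TTL=128 Type: 0,0 ID=7 SEQ=1
""".splitlines()

if __name__ == "__main__":
    found = broadcast_responders(SAMPLE, "192.168.0.255")
    for host, n in sorted(found.items()):
        print(f"{host} answered {n} broadcast echo request(s)")
```

The hosts it reports are the ones to reconfigure so that they ignore ICMP echo requests sent to a broadcast address (on Linux, the net.ipv4.icmp_echo_ignore_broadcasts sysctl).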
Current thread:
- broadcast address cc (Aug 21)
- <Possible follow-ups>
- Re: broadcast address bingle2000 () hotmail com (Aug 21)