Nmap Development mailing list archives

Re: broadcast address


From: "bingle2000 () hotmail com" <bingle2000 () hotmail com>
Date: Fri, 22 Aug 2003 12:30:44 +0800


That means 192.168.10.255 is a subnet broadcast address, and 2
extra hosts responded to the broadcast address ping. Those hosts are vulnerable to the smurf DoS attack. To find them,
ping the broadcast address, and use a sniffer to find out who replies.

D:\>nmap -sP -n 192.168.0.1/24
Host 192.168.0.255 seems to be a subnet broadcast address (returned 5 extra pings).

D:\>ping 192.168.0.255

Pinging 192.168.0.255 with 32 bytes of data:

Reply from 192.168.0.255: bytes=32 time<10ms TTL=255
Reply from 192.168.0.255: bytes=32 time<10ms TTL=255

D:\>xsniff -icmp
        Sniffing ICMP ...
<Ctrl-C> to quit

ICMP 192.168.0.54->192.168.0.255 Bytes=28 TTL=128 Type: 8,0 ID=2 SEQ=5
ICMP 192.168.0.245->192.168.0.54 Bytes=28 TTL=255 Type: 0,0 ID=2 SEQ=5
ICMP 192.168.0.151->192.168.0.54 Bytes=28 TTL=255 Type: 0,0 ID=2 SEQ=5
ICMP 192.168.0.254->192.168.0.54 Bytes=28 TTL=255 Type: 0,0 ID=2 SEQ=5
ICMP 192.168.0.87->192.168.0.54 Bytes=28 TTL=255 Type: 0,0 ID=2 SEQ=5
ICMP 192.168.0.150->192.168.0.54 Bytes=28 TTL=255 Type: 0,0 ID=2 SEQ=5
ICMP 192.168.0.54->192.168.0.255 Bytes=28 TTL=128 Type: 8,0 ID=2 SEQ=6
ICMP 192.168.0.151->192.168.0.54 Bytes=28 TTL=255 Type: 0,0 ID=2 SEQ=6
ICMP 192.168.0.245->192.168.0.54 Bytes=28 TTL=255 Type: 0,0 ID=2 SEQ=6
ICMP 192.168.0.254->192.168.0.54 Bytes=28 TTL=255 Type: 0,0 ID=2 SEQ=6
ICMP 192.168.0.87->192.168.0.54 Bytes=28 TTL=255 Type: 0,0 ID=2 SEQ=6
ICMP 192.168.0.150->192.168.0.54 Bytes=28 TTL=255 Type: 0,0 ID=2 SEQ=6

So the hosts are 192.168.0.245, 192.168.0.151, 192.168.0.254, 192.168.0.87 and 192.168.0.150.

======= 2003-08-22 11:14:00 =======

Hi,

When I do an nmap -sP 192.168.10.0/24, I always
get this at the end:

Host 192.168.10.255 seems to be a subnet broadcast address (returned 2
extra pings). Note -- the actual IP also responded.

Can someone point out how I might be able to tell which system is
responding to the broadcasts?

While it isn't a security issue as the broadcasts don't get
thrown into the Internet, I am a bit concerned.

Thanks.


---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to
nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).




        bingle2000
        bingle2000 () hotmail com
          2003-08-22
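As an added example (not from the post or from Nmap), here is a small Python script that does the sniffer step described above on xsniff-style output: it pairs each ICMP echo reply with the broadcast echo request that triggered it (same pinger, ID and SEQ), so only hosts answering directed-broadcast pings are listed. The capture lines are constructed from the post, plus one ordinary unicast ping (ID=3) to show that its reply is not counted.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in xsniff's output format: the broadcast echo requests from
# the post, their replies, and one extra unicast ping (ID=3) that must be ignored.
SAMPLE_CAPTURE = """\
ICMP 192.168.0.54->192.168.0.255 Bytes=28 TTL=128 Type: 8,0 ID=2 SEQ=5
ICMP 192.168.0.245->192.168.0.54 Bytes=28 TTL=255 Type: 0,0 ID=2 SEQ=5
ICMP 192.168.0.151->192.168.0.54 Bytes=28 TTL=255 Type: 0,0 ID=2 SEQ=5
ICMP 192.168.0.254->192.168.0.54 Bytes=28 TTL=255 Type: 0,0 ID=2 SEQ=5
ICMP 192.168.0.87->192.168.0.54 Bytes=28 TTL=255 Type: 0,0 ID=2 SEQ=5
ICMP 192.168.0.150->192.168.0.54 Bytes=28 TTL=255 Type: 0,0 ID=2 SEQ=5
ICMP 192.168.0.54->192.168.0.255 Bytes=28 TTL=128 Type: 8,0 ID=2 SEQ=6
ICMP 192.168.0.151->192.168.0.54 Bytes=28 TTL=255 Type: 0,0 ID=2 SEQ=6
ICMP 192.168.0.245->192.168.0.54 Bytes=28 TTL=255 Type: 0,0 ID=2 SEQ=6
ICMP 192.168.0.254->192.168.0.54 Bytes=28 TTL=255 Type: 0,0 ID=2 SEQ=6
ICMP 192.168.0.87->192.168.0.54 Bytes=28 TTL=255 Type: 0,0 ID=2 SEQ=6
ICMP 192.168.0.150->192.168.0.54 Bytes=28 TTL=255 Type: 0,0 ID=2 SEQ=6
ICMP 192.168.0.54->192.168.0.1 Bytes=28 TTL=128 Type: 8,0 ID=3 SEQ=1
ICMP 192.168.0.1->192.168.0.54 Bytes=28 TTL=255 Type: 0,0 ID=3 SEQ=1
"""

LINE_RE = re.compile(r"ICMP (\S+)->(\S+) .*Type: (\d+),\d+ ID=(\d+) SEQ=(\d+)")

def broadcast_responders(capture, network):
    """Return {host: reply_count} for hosts that answered echo requests
    sent to the directed broadcast address of `network`."""
    bcast = str(ipaddress.ip_network(network).broadcast_address)
    requests = set()   # (pinger, id, seq) of every echo request sent to bcast
    replies = []       # (src, dst, id, seq) of every echo reply seen
    for line in capture.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        src, dst, icmp_type, ident, seq = m.groups()
        if icmp_type == "8" and dst == bcast:
            requests.add((src, ident, seq))
        elif icmp_type == "0":
            replies.append((src, dst, ident, seq))
    # A reply counts only if its dst/ID/SEQ line up with a broadcast request,
    # so answers to ordinary unicast pings are not mistaken for amplifiers.
    hits = Counter(src for src, dst, ident, seq in replies
                   if (dst, ident, seq) in requests and src != bcast)
    return dict(sorted(hits.items(), key=lambda kv: ipaddress.ip_address(kv[0])))

if __name__ == "__main__":
    for host, n in broadcast_responders(SAMPLE_CAPTURE, "192.168.0.0/24").items():
        print(f"{host} answered {n} broadcast ping(s)")
```

The hosts it lists are the ones to reconfigure so they ignore echo requests addressed to the broadcast address.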





