Nmap Development mailing list archives

Scanning through SOCKS


From: "testic" <testic () testic demon co uk>
Date: Mon, 27 Oct 2003 16:53:07 -0000

Hi all,

I have recently discovered a user using a SOCKS 4 proxy server on my
network. After a bit of packet monitoring at the network's gateway I estimate
that there are roughly six machines on a private network connecting to this
proxy. I have managed to connect to this proxy server and can use it to
access other resources on the internet, so theoretically I could also
connect to the internal network through the same proxy. I was wondering
would there be any way of using Nmap to scan the network through the proxy
to find out what machines are behind it? Also, I don't know what IP address
space this person is using, is there any way of determining this? Ideally I
would like as much information as I can gain regarding exactly what machines
are running through the proxy so I know exactly what is going on before I
close the proxy down (it is against company policy/user agreements).

Any suggestions? As far as I can see Nmap doesn't have any SOCKS capabilities,
although I may have overlooked them. I use Nmap-3.48.

Thanks,

testic



http://www.testic.co.uk


---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to 
nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).


