Penetration Testing mailing list archives
Discovering hosts behind NAT
From: Franklin DeMatto <franklin () qDefense com>
Date: Sun, 20 May 2001 18:1:37 -0600
How can hosts which are using RFC 1918 non-routed IPs be discovered and contacted?

Scenario: A DNS Zone transfer, as well as Usenet searches, indicate usage of RFC 1918 addresses for a certain domain name (let's call it internal.company.com). Traceroute shows that all known hosts in company.com's net block go directly from the ISP's router to the host (ie w/o any intermediate gateways or firewalls). The basic function and OS of each host in the net block is known. It does not appear that there are any "secret" hosts, as when any address in the subnet that is not accounted for is pinged, the ISP's router responds with ICMP Host Unreachable.

There are two known network devices: a Cisco, which seems totally silent, and a Wellfleet router. One would conclude that one of these is being used for NAT for internal.company.com - but where do I go from here? (In general, how would I find more about the function of these devices?)

Thanks in advance,

Franklin DeMatto
franklin () qDefense com
qDefense - DEFENDING THE ELECTRONIC FRONTIER