Penetration Testing mailing list archives

Re: enumerating hosts behind a NAT box


From: Erik Kamerling <ekamerling () snaplen com>
Date: Fri, 10 Jun 2005 12:02:51 -0400

Idle scanning was conceived by Salvatore Sanfilippo in 1998 - before this 
paper was published I believe.

This paper may provide you with some good info as well. 
http://www.caida.org/outreach/papers/2005/fingerprinting/

Best wishes and Good Luck! :-)

Erik Kamerling

On Friday 10 June 2005 11:49, Todd Towles wrote:
"A Technique for Counting NATted Hosts" - AT&T Labs Research
http://www.cs.columbia.edu/~smb/papers/fnat.pdf

It uses the IPID, like in Idlescanning. I can't remember exactly, but I
think it was this paper that sparked the whole idlescanning idea, but I
could be confused.

-Todd

-----Original Message-----
From: Zuromski, Brian [mailto:brzurom () tycho ncsc mil]
Sent: Friday, June 10, 2005 10:25 AM
To: 'pen-test () securityfocus com'
Subject: enumerating hosts behind a NAT box

Hello,
I'm trying to design a network mapping program and need to know if
there is a way to pick up (identify, count, OS identification) any
hosts behind a NAT box. Also identifying a NAT box in the first place
would be useful. Anyone have any luck doing so before or know of a way?

Thanks
~Brian

