That means 192.168.10.255 is a subnet broadcast address, and 2 extra hosts responded to the broadcast address ping. Those hosts are vulnerable to the smurf DoS attack. To find them, ping the broadcast address, and use a sniffer to find out who replies.
D:\>nmap -sP -n 192.168.0.1/24
Host 192.168.0.255 seems to be a subnet broadcast address (returned 5 extra pings).
D:\>ping 192.168.0.255
Pinging 192.168.0.255 with 32 bytes of data:
Reply from 192.168.0.255: bytes=32 time<10ms TTL=255
Reply from 192.168.0.255: bytes=32 time<10ms TTL=255
D:\>xsniff -icmp
Sniffing ICMP ...
<Ctrl-C> to quit
ICMP 192.168.0.54->192.168.0.255 Bytes=28 TTL=128 Type: 8,0 ID=2 SEQ=5
ICMP 192.168.0.245->192.168.0.54 Bytes=28 TTL=255 Type: 0,0 ID=2 SEQ=5
ICMP 192.168.0.151->192.168.0.54 Bytes=28 TTL=255 Type: 0,0 ID=2 SEQ=5
ICMP 192.168.0.254->192.168.0.54 Bytes=28 TTL=255 Type: 0,0 ID=2 SEQ=5
ICMP 192.168.0.87->192.168.0.54 Bytes=28 TTL=255 Type: 0,0 ID=2 SEQ=5
ICMP 192.168.0.150->192.168.0.54 Bytes=28 TTL=255 Type: 0,0 ID=2 SEQ=5
ICMP 192.168.0.54->192.168.0.255 Bytes=28 TTL=128 Type: 8,0 ID=2 SEQ=6
ICMP 192.168.0.151->192.168.0.54 Bytes=28 TTL=255 Type: 0,0 ID=2 SEQ=6
ICMP 192.168.0.245->192.168.0.54 Bytes=28 TTL=255 Type: 0,0 ID=2 SEQ=6
ICMP 192.168.0.254->192.168.0.54 Bytes=28 TTL=255 Type: 0,0 ID=2 SEQ=6
ICMP 192.168.0.87->192.168.0.54 Bytes=28 TTL=255 Type: 0,0 ID=2 SEQ=6
ICMP 192.168.0.150->192.168.0.54 Bytes=28 TTL=255 Type: 0,0 ID=2 SEQ=6
So the hosts are 192.168.0.245 & 192.168.0.151 & 192.168.0.254 & 192.168.0.87 & 192.168.0.150.
======= 2003-08-22 11:14:00 =======
>Hi,
>
>When I do a nmap -sP 192.168.10.0/24, I always
>get this at the end:
>
>Host 192.168.10.255 seems to be a subnet broadcast address (returned 2
>extra pings). Note -- the actual IP also responded.
>
>Can someone point out how I might be able to tell which system is
>responding to the broadcasts?
>
>While it isn't a security issue as the broadcasts don't get
>thrown into the Internet, I am a bit concerned.
>
>Thanks.
>
>
>---------------------------------------------------------------------
>For help using this (nmap-dev) mailing list, send a blank email to
>nmap-dev-help_at_insecure.org . List run by ezmlm-idx (www.ezmlm.org).
bingle2000
bingle2000_at_hotmail.com
2003-08-22
Received on Aug 22 2003
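
The procedure in the reply above (ping the broadcast address, then read the sniffer output) can be automated for an audit of your own subnet. The following is an added example, not part of the original thread: it parses lines in the sniffer format shown in the reply and lists hosts whose echo replies match an echo request sent to the broadcast address. The function name and the sample capture are constructed for illustration.

```python
import re
from collections import defaultdict

# Line format as printed by the sniffer in the reply above, e.g.
# ICMP 192.168.0.54->192.168.0.255 Bytes=28 TTL=128 Type: 8,0 ID=2 SEQ=5
LINE_RE = re.compile(
    r"ICMP\s+(?P<src>[\d.]+)->(?P<dst>[\d.]+)\s+Bytes=\d+\s+TTL=\d+\s+"
    r"Type:\s*(?P<type>\d+),(?P<code>\d+)\s+ID=(?P<id>\d+)\s+SEQ=(?P<seq>\d+)"
)
ECHO_REQUEST, ECHO_REPLY = 8, 0

def broadcast_responders(lines, broadcast):
    """Return {responder_ip: reply_count} for echo replies that answer an
    echo request sent to `broadcast` (matched on requester, ID and SEQ)."""
    pending = set()              # (requester, id, seq) of broadcast requests
    responders = defaultdict(int)
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue             # banner lines, prompts, other noise
        icmp_type, ident, seq = int(m["type"]), int(m["id"]), int(m["seq"])
        if icmp_type == ECHO_REQUEST and m["dst"] == broadcast:
            pending.add((m["src"], ident, seq))
        elif icmp_type == ECHO_REPLY and (m["dst"], ident, seq) in pending:
            # Unicast reply to a broadcast request: this host answers
            # broadcast pings and should be reviewed.
            responders[m["src"]] += 1
    return dict(responders)

# Constructed sample capture, modelled on the output in the reply, with one
# ordinary unicast ping (ID=3) mixed in that must not be reported.
SAMPLE = """\
Sniffing ICMP ...
ICMP 192.168.0.54->192.168.0.255 Bytes=28 TTL=128 Type: 8,0 ID=2 SEQ=5
ICMP 192.168.0.245->192.168.0.54 Bytes=28 TTL=255 Type: 0,0 ID=2 SEQ=5
ICMP 192.168.0.151->192.168.0.54 Bytes=28 TTL=255 Type: 0,0 ID=2 SEQ=5
ICMP 192.168.0.54->192.168.0.10 Bytes=28 TTL=128 Type: 8,0 ID=3 SEQ=1
ICMP 192.168.0.10->192.168.0.54 Bytes=28 TTL=128 Type: 0,0 ID=3 SEQ=1
ICMP 192.168.0.54->192.168.0.255 Bytes=28 TTL=128 Type: 8,0 ID=2 SEQ=6
ICMP 192.168.0.151->192.168.0.54 Bytes=28 TTL=255 Type: 0,0 ID=2 SEQ=6
""".splitlines()

if __name__ == "__main__":
    for ip, count in sorted(broadcast_responders(SAMPLE, "192.168.0.255").items()):
        print(f"{ip} answered {count} broadcast echo request(s)")
```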