Nmap Development mailing list archives

Re: broadcast address
From: "bingle2000 () hotmail com" <bingle2000 () hotmail com>
Date: Fri, 22 Aug 2003 12:30:44 +0800

cc:

That means 192.168.10.255 is a subnet broadcast address, and 2 extra hosts
respond to the broadcast address ping. Those hosts are vulnerable to the smurf
DoS attack. To find them, ping the broadcast address, and use a sniffer to find
out who replies.

D:\>nmap -sP -n 192.168.0.1/24
Host 192.168.0.255 seems to be a subnet broadcast address (returned 5 extra pings).

D:\>ping 192.168.0.255

Pinging 192.168.0.255 with 32 bytes of data:

Reply from 192.168.0.255: bytes=32 time<10ms TTL=255
Reply from 192.168.0.255: bytes=32 time<10ms TTL=255

D:\>xsniff -icmp
        Sniffing ICMP ...
<Ctrl-C> to quit

ICMP 192.168.0.54->192.168.0.255 Bytes=28 TTL=128 Type: 8,0 ID=2 SEQ=5
ICMP 192.168.0.245->192.168.0.54 Bytes=28 TTL=255 Type: 0,0 ID=2 SEQ=5
ICMP 192.168.0.151->192.168.0.54 Bytes=28 TTL=255 Type: 0,0 ID=2 SEQ=5
ICMP 192.168.0.254->192.168.0.54 Bytes=28 TTL=255 Type: 0,0 ID=2 SEQ=5
ICMP 192.168.0.87->192.168.0.54 Bytes=28 TTL=255 Type: 0,0 ID=2 SEQ=5
ICMP 192.168.0.150->192.168.0.54 Bytes=28 TTL=255 Type: 0,0 ID=2 SEQ=5
ICMP 192.168.0.54->192.168.0.255 Bytes=28 TTL=128 Type: 8,0 ID=2 SEQ=6
ICMP 192.168.0.151->192.168.0.54 Bytes=28 TTL=255 Type: 0,0 ID=2 SEQ=6
ICMP 192.168.0.245->192.168.0.54 Bytes=28 TTL=255 Type: 0,0 ID=2 SEQ=6
ICMP 192.168.0.254->192.168.0.54 Bytes=28 TTL=255 Type: 0,0 ID=2 SEQ=6
ICMP 192.168.0.87->192.168.0.54 Bytes=28 TTL=255 Type: 0,0 ID=2 SEQ=6
ICMP 192.168.0.150->192.168.0.54 Bytes=28 TTL=255 Type: 0,0 ID=2 SEQ=6

So the hosts are 192.168.0.245, 192.168.0.151, 192.168.0.254, 192.168.0.87 and 192.168.0.150.

======= 2003-08-22 11:14:00 =======

Hi,

When I do an nmap -sP 192.168.10.0/24, I always
get this at the end:

Host 192.168.10.255 seems to be a subnet broadcast address (returned 2
extra pings). Note -- the actual IP also responded.

Can someone point out how I might be able to tell which system is
responding to the broadcasts?

While it isn't a security issue as the broadcasts don't get
thrown into the Internet, I am a bit concerned.

Thanks.


---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to
nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).


        bingle2000
        bingle2000 () hotmail com
          2003-08-22
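
As an added example (not part of the original post, nor code from nmap or xsniff), the by-eye correlation in the reply above can be scripted: the Python below parses sniffer lines in the format shown and lists the hosts whose echo replies match an echo request sent to the broadcast address. The function name, the regular expression and the sample capture are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample capture, written in the "xsniff -icmp" line format
# shown in the post. It includes one ordinary unicast ping (SEQ=6) that
# must not be reported.
SAMPLE = """\
ICMP 192.168.0.54->192.168.0.255 Bytes=28 TTL=128 Type: 8,0 ID=2 SEQ=5
ICMP 192.168.0.245->192.168.0.54 Bytes=28 TTL=255 Type: 0,0 ID=2 SEQ=5
ICMP 192.168.0.151->192.168.0.54 Bytes=28 TTL=255 Type: 0,0 ID=2 SEQ=5
ICMP 192.168.0.54->192.168.0.1 Bytes=28 TTL=128 Type: 8,0 ID=2 SEQ=6
ICMP 192.168.0.1->192.168.0.54 Bytes=28 TTL=64 Type: 0,0 ID=2 SEQ=6
ICMP 192.168.0.54->192.168.0.255 Bytes=28 TTL=128 Type: 8,0 ID=2 SEQ=7
ICMP 192.168.0.151->192.168.0.54 Bytes=28 TTL=255 Type: 0,0 ID=2 SEQ=7
"""

# Assumed line layout, inferred only from the output quoted in the post.
LINE = re.compile(
    r"ICMP (?P<src>[\d.]+)->(?P<dst>[\d.]+) Bytes=\d+ TTL=\d+ "
    r"Type: (?P<type>\d+),\d+ ID=(?P<id>\d+) SEQ=(?P<seq>\d+)"
)


def broadcast_responders(capture, broadcast):
    """Return {responder_ip: reply_count} for echo replies (type 0) that
    answer an echo request (type 8) sent to `broadcast`, matched on the
    requester address, ICMP ID and sequence number."""
    pending = set()            # (requester, id, seq) of broadcast pings seen
    counts = defaultdict(int)
    for line in capture.splitlines():
        m = LINE.search(line)
        if not m:
            continue           # skip banners and anything that is not ICMP
        icmp_type = int(m["type"])
        ident, seq = int(m["id"]), int(m["seq"])
        if icmp_type == 8 and m["dst"] == broadcast:
            pending.add((m["src"], ident, seq))
        elif icmp_type == 0 and (m["dst"], ident, seq) in pending:
            counts[m["src"]] += 1   # unicast reply to a broadcast request
    return dict(counts)


if __name__ == "__main__":
    for ip, n in sorted(broadcast_responders(SAMPLE, "192.168.0.255").items()):
        print(f"{ip} answered {n} broadcast echo request(s)")
```

On Linux hosts that show up in the result, setting the sysctl `net.ipv4.icmp_echo_ignore_broadcasts=1` stops the replies.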


