Penetration Testing: Re: Discovering hosts behind NAT

Re: Discovering hosts behind NAT

From: Wolfgang Zenker <wolfgang_at_jpaves.de>
Date: Fri, 25 May 2001 14:27:12 +0200 (CEST)

Franklin DeMatto wrote:
> How can hosts which are using RFC 1918 non-routed IPs be discovered and contacted?

> Scenario:

> A DNS Zone transfer, as well as usenet searches, indicate usage of RFC 1918 addresses for a certain domain name (let's call it internal.company.com).
> [..]
> There are two known network devices: a cisco, which seems totally silent, and a wellfleet router.

You could try to use "IP Source Routing" to contact internal hosts on the
destination network. Some versions of ping allow you to set the source route
option in your packets using the "-g" option; you would use the outside
router of the destination network as gateway and, if that does not work, try
to add a DMZ host as second gateway.

Wolfgang

-- 
Wolfgang Zenker                                  Mail: W.Zenker_at_jpaves.de
JPAVES Unix Online GmbH                          Fon:  (+49) 721 / 955 40 60
Kaiserallee 87                                   Fax:  (+49) 721 / 955 40 62
D-76185 Karlsruhe                                Web:  www.jpaves.de
Received on May 25 2001
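
Seen from the defending side, the source-routed packets described in this message are recognizable by the LSRR or SSRR option in the IPv4 header. The following is an added example, not part of the original post, that parses raw IPv4 headers and reports any source-route option; the sample packets and addresses are constructed.

```python
import struct

# IPv4 option type numbers from RFC 791
EOL, NOP, LSRR, SSRR = 0, 1, 131, 137
SOURCE_ROUTE = {LSRR: "LSRR", SSRR: "SSRR"}

def source_route_options(packet: bytes):
    """Return [(option name, [hop addresses])] for each source-route option."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    header_len = (packet[0] & 0x0F) * 4          # IHL is counted in 32-bit words
    if header_len < 20 or header_len > len(packet):
        raise ValueError("bad header length")
    opts, found, i = packet[20:header_len], [], 0
    while i < len(opts):
        kind = opts[i]
        if kind == EOL:                          # end of option list
            break
        if kind == NOP:                          # single-byte padding
            i += 1
            continue
        if i + 1 >= len(opts):
            break                                # truncated option, stop parsing
        length = opts[i + 1]
        if length < 2 or i + length > len(opts):
            break                                # malformed length, stop parsing
        if kind in SOURCE_ROUTE:
            data = opts[i + 3:i + length]        # skip type, length, pointer
            hops = [".".join(str(b) for b in data[j:j + 4])
                    for j in range(0, len(data) - 3, 4)]
            found.append((SOURCE_ROUTE[kind], hops))
        i += length
    return found

def build_sample(options: bytes) -> bytes:
    """Constructed IPv4 header (documentation addresses) followed by options."""
    ihl = (20 + len(options)) // 4
    return struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, 20 + len(options),
                       0, 0, 64, 1, 0, bytes([203, 0, 113, 9]),
                       bytes([192, 0, 2, 1])) + options

# Constructed samples: one header with a two-hop LSRR option, one without options
SAMPLE_LSRR = build_sample(bytes([NOP, LSRR, 11, 4, 192, 0, 2, 1, 198, 51, 100, 7]))
SAMPLE_PLAIN = build_sample(b"")

if __name__ == "__main__":
    for name, pkt in (("lsrr", SAMPLE_LSRR), ("plain", SAMPLE_PLAIN)):
        print(name, source_route_options(pkt))
```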