Re: Scanning hosts behind a NAT

Hi list ;),
I'm a student and I'm trying to learn how nmap does its job.
Today, for example, I tried to scan my home network ( ;) )... In fact,
I've 2 computers behind a router (which does wireless AP, router &
firewall: linksys wrt54g). Then, I tried to scan from "outside" the
network (aka: from a friend on the internet).
On the router (LAN ip: 192.168.1.1) , I've the port 6356 (Gnutella)
which is forwarded to 192.168.1.2 (my first pc).

When I tried to scan from outside, I obviously obtain:


Starting Nmap 4.01 ( http://www.insecure.org/nmap/ ) at 2006-04-22 18:26 CEST
Warning: OS detection will be MUCH less reliable because we did not
find at least 1 open and 1 closed TCP port
Interesting ports on 80.13.xx.yy:
(The 1671 ports scanned but not shown below are in state: filtered)
PORT STATE SERVICE VERSION
6346/tcp closed gnutella
Too many fingerprints match this host to give specific OS details

In fact, it was what I was expecting for. My question is how to scan
the hosts behind the router (NAT) ? Is it possible ?

Thanks

N.

-------------------------------------------------------------------------
This List Sponsored by: Webroot


AFAIK no, because of the NAT nature. It was designed to hide real network. In fact there are some methods to count hosts behind NAT (search history of the list and latest numbers of phrack), but that is all.

--
Roman Shirokov
Systems Administrator
85A4 8586 FEEE 171B D0F1 A9C1 27C8 A907 EE45 7D0E

http://securitybox.org.ru
e-mail: securitybox@xxxxxxxxxxxx



-------------------------------------------------------------------------
This List Sponsored by: Webroot

Don't leave your confidential company and customer records un-protected.
Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no
obligation. See why so many companies trust Spy Sweeper Enterprise to
eradicate spyware from their networks.
FREE 30-Day Trial of Spy Sweeper Enterprise

http://www.webroot.com/forms/enterprise_lead.php
--------------------------------------------------------------------------

Relevant Pages

  • Re: Is there any thing like Bubbleip
    ... :the dynDNS, then it detects my network administrator's server address, ... There are four important forms of NAT: ... On a Statefull Packet Inspection firewall, ... Port Address Translation. ...
    (comp.security.misc)
  • RE: Printing from Win9x clients stops
    ... > and make sure this software does not interfere with SBS Server. ... > clients, please disable it and try again. ... Create a local printer and redirect the port to the network server. ...
    (microsoft.public.windows.server.sbs)
  • RE: SBS 2003, ISA 2004
    ... ISA and IIS try listening on these two ports. ... by default the Web Proxy is listening on port 8080 ... of the local network adapter. ... Microsoft CSS Online Newsgroup Support ...
    (microsoft.public.windows.server.sbs)
  • Re: ERS 8600, simple setup, IP, VLANs, etc.
    ... management port is just used to hang an IP address to. ... associated with an interface, such as a VLAN. ... fairly functionally homogenous network), but something that is ... or OS virtuallization - except that networks have been doing this kind of ...
    (comp.dcom.sys.nortel)
  • network slowness/freez-up since update 10/11
    ... network problems: first the network is slow (even within a few ... network - but not the rest of the system - just locks up (can't ping ... OHCI version 1.0, legacy support ... <Parallel port bus> on ppc0 ...
    (freebsd-current)