Re: Finding clandestine routers on a network

From: ParrotRob (parrotrob_at_yahoo.com)
Date: 05/30/04


Date: Sat, 29 May 2004 18:04:51 -0400


"Chuck" <none@example.net> wrote in message
news:tk6db0d3c0e3lg7fkp56e0vdjo4plutj7j@4ax.com...
> On Thu, 27 May 2004 14:36:27 GMT, LC <*email_address_deleted*> wrote:
>
> >Hi!
> >
> >Is there a way with a network port scanner (or other tools) to find
> >clandestine routers like Linksys, SMC Barricade, etc. on a network ? I
> >did a search on Internet
> >to find if these equipments are using a special TCP port or
> >configuration without any success ....
> >
> >Regards!
> >
> >L. Cerantola
> >IT Security
> >Laval University
>
> I doubt that there's a definitive broadcast issued by a NAT router to
identify
> itself as such. But, using my imagination, I can come up with several
ways to
> start.
>
> If you scan your network, ip address by ip address, and resolve each ip
address
> to MAC address, you can look at each MAC address. MAC addresses are
unique, and
> a portion of each address is unique to a manufacturer. Another portion of
the
> MAC address, depending upon manufacturer, should identify product or
model.

True, but most "personal" type routers (Linksys, DLink, etc) that I come
across nowadays let you spoof the MAC address on the WAN interface.

>
> A product like Softperfect Network Scanner (free) from
> <http://www.softperfect.com/> will scan your network, and display all ip
> addresses in use, and network name used by each address. A NAT router
will show
> in the SNS display, but with no name (mine does anyway).
>
> Looking at the problem from another direction, if you search your network
for
> workstations using a default gateway that you don't know about, you will
have
> the ip address of the illegal router, PLUS the idiots using that illegal
router.

Except he won't even see the workstation(s) if it's/they're behind a NAT
router, though, unless the user is forwarding traffic to a host behind it or
has it set up in a DMZ.



Relevant Pages

  • Re: Setting up Airport Express
    ... It is usually referred to as a "MAC Address", ... on their network. ... always the hardware address assigned to the computer sending the packet. ... When your router receives a packet destined for a computer on your LAN, ...
    (uk.comp.sys.mac)
  • Re: Freebsd 5.1 <-> Win XP Networking problems
    ... Danny MacMillan wrote: ... >> from any ip number forming part of that network and from the netmask. ... > located external to my network it should send the packet to the router ... > (using the router's MAC address) instead of arp-ing for the MAC address ...
    (freebsd-questions)
  • Re: Ethernet network wiring ?s
    ... >>> the planned network is designed correctly and for my own education on ... Since you already have a router, ... Apple calls this protocol Bonjour. ... And because Mac 1 and Mac 2 have private network addresses, ...
    (comp.sys.mac.hardware.misc)
  • Re: re-setting router--MORE QUESTIONS...SIGH
    ... Unless your connection device is also a router, ... A MAC address is the ... "permanent" address that is 'burned' into any network device when it is ... enable some kind of wireless security. ...
    (alt.sys.pc-clone.dell)
  • Re: Network Connections Dropping
    ... my local DNS in addition to my router as a DNS for getting to my ISP, ... defined hostname and what is their assigned hostname. ... IP address that my Mac now had and vice versa. ... the mac users seem to lose partial network connection. ...
    (comp.sys.mac.system)