Re: Finding clandestine routers on a network

From: Chuck (none_at_example.net)
Date: 05/31/04


Date: 31 May 2004 10:22:04 -0500

On Thu, 27 May 2004 14:36:27 GMT, LC <security@rec.ulaval.ca> wrote:

>Hi!
>
>Is there a way with a network port scanner (or other tools) to find
>clandestine routers like Linksys, SMC Barricade, etc. on a network? I
>did a search on the Internet to find if this equipment is using a
>special TCP port or configuration, without any success ....
>
>Regards!
>
>L. Cerantola
>IT Security
>Laval University

LC,

NMAP <http://www.insecure.org/nmap/index.html> has various ping, probe, and scan
options that should help you identify devices on the network. Even NAT routers
blocking ICMP packets can be found if you're devious enough.

Devices like NAT routers, using MAC address spoofing, could masquerade as
computers, unfortunately. So using the MAC address to identify routers would be
unreliable. :(

Combining NMAP with SoftPerfect Network Scanner <http://www.softperfect.com/>,
you could use Netscan to whitewash most of the devices (IP addresses), then NMAP
suspicious ones using some of the exotic options (and NMAP has quite a few
possibilities). The nice thing about Netscan is that it will multithread (up to
100 addresses scanned simultaneously), scan an entire class C subnet in seconds,
identify all resources offered by each address found, and generate a text report
of what's found. And it's free.

Cheers,
Chuck
Paranoia comes from experience - and is not necessarily a bad thing.
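
The two-pass triage described in the reply above, as an added example that is not part of the original post: clear most addresses from a fast sweep, then shortlist the rest for a closer NMAP scan. It assumes the sweep results are available in nmap's grepable (`-oG`) format and that an inventory of expected services exists; `SWEEP`, `INVENTORY` and the function names are hypothetical, and hosts are keyed on address and offered services rather than MAC address, in line with the spoofing caveat.

```python
import re

# Constructed sample of first-pass sweep results in nmap grepable (-oG) format.
SWEEP = (
    "# Nmap scan (constructed sample)\n"
    "Host: 10.0.0.10 ()\tStatus: Up\n"
    "Host: 10.0.0.10 ()\tPorts: 139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///\n"
    "Host: 10.0.0.23 ()\tPorts: 80/open/tcp//http///, 139/open/tcp//netbios-ssn///\n"
    "Host: 10.0.0.57 ()\tPorts: 80/open/tcp//http///, 23/closed/tcp//telnet///\n"
)

# Hypothetical inventory: address -> TCP ports that host is expected to offer.
INVENTORY = {
    "10.0.0.10": {139, 445},
    "10.0.0.23": {139, 445},
}

HOST_RE = re.compile(r"^Host: (\S+) .*?\tPorts: ([^\t]*)")

def open_ports(ports_field):
    """Return the set of open TCP ports from a grepable 'Ports:' field."""
    found = set()
    for entry in ports_field.split(","):
        parts = entry.strip().split("/")
        if len(parts) >= 3 and parts[1] == "open" and parts[2] == "tcp":
            found.add(int(parts[0]))
    return found

def triage(sweep_text, inventory):
    """Split swept hosts into cleared ones and a shortlist for a closer scan."""
    cleared, shortlist = [], {}
    for line in sweep_text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # comment lines and 'Status:' lines carry no port data
        ip, ports = m.group(1), open_ports(m.group(2))
        if ip not in inventory:
            shortlist[ip] = "not in inventory"
        elif ports - inventory[ip]:
            extra = sorted(ports - inventory[ip])
            shortlist[ip] = "unexpected open ports: " + ", ".join(map(str, extra))
        else:
            cleared.append(ip)
    return cleared, shortlist

if __name__ == "__main__":
    ok, suspects = triage(SWEEP, INVENTORY)
    print("cleared:", ok)
    for ip, reason in suspects.items():
        print("scan further:", ip, "-", reason)
```
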

