Title: Fingerprinting NAT Router and IDS?
Post by: manoj9372 on September 14, 2010, 09:29:14 AM

I am studying the basics of network reconnaissance. I need to confirm whether my target is using a NAT router or not; how can I fingerprint the NAT router? And I also need to fingerprint the type of IDS in the network. Can it be detected based on signature testing? But nowadays some networks enable the IDS on the router itself; I need to fingerprint where the IDS is located on the network. I need some advice to find it.... hope I will find some...

Title: Re: Fingerprinting NAT Router and IDS?
Post by: sil on September 14, 2010, 10:11:57 AM

What have you tried so far?

Title: Re: Fingerprinting NAT Router and IDS?
Post by: ajohnson on September 14, 2010, 10:40:50 AM

> What have you tried so far?

I'm pretty sure this is sil's shortest post ever. I was expecting to see about a dozen pages when I entered this thread ;)

Title: Re: Fingerprinting NAT Router and IDS?
Post by: sil on September 14, 2010, 10:55:17 AM

Itai! ;) Just curious to see what one has tried before I answer this...

Title: Re: Fingerprinting NAT Router and IDS?
Post by: MaXe on September 14, 2010, 11:08:37 AM

One way to detect if NAT is present on a target network and find out a possible IP range is:

1) Assume the target network is using its own mail servers internally. (Some corporations outsource their e-mail servers though.)
2) Send an e-mail to a non-existing address at their domain name. ( 213782hdsa@domain.tld )
3) When the "Post Master" automatically returns your e-mail, look at the e-mail headers.

If you want a visualization of what to look at, take a look at this video about information gathering: http://www.youtube.com/watch?v=1nd6vAz4SOw

This is also a part of the phase known as "recon" aka reconnaissance during a pentest.

I am, however, unsure how to detect an IDS without scanning the internal network and/or router.

Title: Re: Fingerprinting NAT Router and IDS?
Post by: manoj9372 on September 14, 2010, 01:26:11 PM

> What have you tried so far?

I tried nmap scanning, tracert and banner grabbing, and I found they have 4 lines of Cisco firewalls. I found ICMP was enabled on those firewalls, and I tried to do banner grabbing on the router but I wasn't able to find anything. When I scanned with nmap I found only 2 filtered ports: port 25 - smtp filtered, port 53 - dns filtered. I am trying to determine the ACL and the exact version of the Cisco IOS, want to find out whether NAT is enabled on the router, and want to know whether the IDS is enabled on the router itself...

> One way to detect if NAT is present on a target network and find out a possible IP range is:
> 1) Assume the target network is using its own mail servers internally. (Some corporations outsource their e-mail servers though.)
> 2) Send an e-mail to a non-existing address at their domain name. ( 213782hdsa@domain.tld )
> 3) When the "Post Master" automatically returns your e-mail, look at the e-mail headers.
> If you want a visualization of what to look at, take a look at this video about information gathering: http://www.youtube.com/watch?v=1nd6vAz4SOw
> This is also a part of the phase known as "recon" aka reconnaissance during a pentest.
> I am, however, unsure how to detect an IDS without scanning the internal network and/or router.

Thanks a lot, I am going to try this. Also I heard NAT hosts can be detected based on IP-ID values and TTL values, but I have some troubles: those hosts are running Linux, so they have an IP-ID value of 0 by default, and ICMP was disabled there, so I don't know what to do to detect the presence of NAT. Also I want to know whether they are running a hardware or software IDS; can't an IDS be detected based on its signature testing? Also I want to know what kind of routing protocol they are using on their routers? Hope I will get some more answers....
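As an added example (not code from the thread or from any of its posters), the script below is the defender-side counterpart of the bounce-header trick MaXe describes in step 3: it parses a postmaster bounce and reports which Received: hops carry RFC 1918 addresses, which is exactly the internal topology a border MTA discloses when it forwards non-delivery reports without stripping its inside headers. The bounce message, hostnames and addresses are all constructed for the example.

```python
import email
import ipaddress
import re
from typing import Dict, List

# Constructed sample (not taken from the thread): a postmaster bounce as a
# border MTA might return it, with two internal hops left in the headers.
SAMPLE_BOUNCE = """\
Return-Path: <>
Received: from mx1.example.test (mx1.example.test [203.0.113.10])
\tby inbound.example.net (Postfix) with ESMTP id 4F2A1; Tue, 14 Sep 2010 09:30:01 +0000
Received: from exch01.corp.example.test (exch01.corp.example.test [10.20.30.40])
\tby mx1.example.test (Postfix) with ESMTP id 91C3B; Tue, 14 Sep 2010 09:30:00 +0000
Received: from [192.168.5.17] (helo=EXCH-CAS01)
\tby exch01.corp.example.test with esmtp; Tue, 14 Sep 2010 09:29:59 +0000
From: Mail Delivery System <postmaster@example.test>
To: sender@example.net
Subject: Undelivered Mail Returned to Sender

The recipient 213782hdsa@example.test does not exist.
"""

# RFC 1918 ranges: an address from one of these in a Received: line is an
# internal hop that was NATed somewhere before the message reached the Internet.
RFC1918 = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def received_hops(raw_message: str) -> List[str]:
    """Return the Received: header values, newest hop first."""
    msg = email.message_from_string(raw_message)
    return msg.get_all("Received") or []


def is_rfc1918(ip: ipaddress.IPv4Address) -> bool:
    # Deliberately not ipaddress.is_private: that also flags documentation
    # ranges such as 203.0.113.0/24, which are not evidence of NAT.
    return any(ip in net for net in RFC1918)


def addresses_in(header_value: str) -> List[ipaddress.IPv4Address]:
    """Extract every syntactically valid IPv4 address from one header value."""
    found = []
    for candidate in IPV4_RE.findall(header_value):
        try:
            found.append(ipaddress.IPv4Address(candidate))
        except ipaddress.AddressValueError:
            continue  # e.g. 999.1.2.3 matches the regex but is not an address
    return found


def classify_hops(raw_message: str) -> Dict[str, List[str]]:
    """Split addresses seen in Received: lines into internal (RFC 1918) and other."""
    result: Dict[str, List[str]] = {"internal": [], "other": []}
    for hop in received_hops(raw_message):
        for ip in addresses_in(hop):
            bucket = "internal" if is_rfc1918(ip) else "other"
            if str(ip) not in result[bucket]:
                result[bucket].append(str(ip))
    return result


if __name__ == "__main__":
    report = classify_hops(SAMPLE_BOUNCE)
    print("internal hops leaked:", report["internal"])
    print("other addresses seen:", report["other"])
```

Run against a bounce generated by your own mail system: if the "internal" list is non-empty, the border MTA is publishing inside addressing with every NDR, and the fix is to strip or rewrite the Received: headers added by internal hops before mail leaves the perimeter. The explicit RFC 1918 check matters because Python's `is_private` also returns True for the 203.0.113.0/24 documentation range used in the sample, which would mislabel the public-facing hop.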