What have you tried so far?
I tried to nmap scanning,tracert and banner grabbing and i found they are having 4 line of cisco firewalls ,i had found ICMP was enabled on those firewalls,and i tried to do banner grabbing on the router and i can't able to find any thing,when i scanned with namp and i found only 2 filtered ports
25 -smtp filtered port
53- dns filtered port
i am trying to determine the ACL,exact version of the cisco IOS ,
want to find NAT is enabled on the router and want to know IDS is enabled on the router it-self...
One way to detect if NAT is present on a target network and find out a possible IP-range is:
1) Assume the target network is using its own mail-servers internally. (Some corporations outsources their e-mail servers though.)
2) Send an e-mail to an non-existing address at their domain name. ( 213782hdsa@domain.tld )
3) When the "Post Master" automatically returns your e-mail, look at the e-mail headers.
If you want a visualization of what to look at, take a look at this video about information gathering:
http://www.youtube.com/watch?v=1nd6vAz4SOw
This is also a part of the phase known as "recon" aka reconnaissance during a pentest.
I am however, unsure how to detect an IDS without scanning the internal network and / or router.
Thanks a lot,i am going to try this,
also i heared NAT hosts can be detected based on ip-id values and ttl values.
but i have some troubles,those hosts are runninx linux ,so they hae ip-id value of 0 by default and icmp was disabled there,so i dont know what to do detect the presence of NAT,also i want to know they are running hardware or softwares IDS ,
can't a IDS can be detected based on it's signature testing?
Also i want to know what kind of routing protocol they are using on their routers?
hope i will get some more answers....
News Items and General Discussion About EH-Net : happy-birthday-cards-19.txt
