Fingerprinting NAT Router and IDS?

<<

manoj9372

Jr. Member

Posts: 72

Joined: Mon Oct 05, 2009 8:54 am

Post Tue Sep 14, 2010 9:29 am

Fingerprinting NAT Router and IDS?

I am studying the basics of network reconnaissance.

I need to confirm whether my target is using a NAT router or not.
How can I fingerprint the NAT router?

And I also need to fingerprint the type of IDS in the network.

Can it be detected based on signature testing? But nowadays some networks enable the IDS on the router itself; I need to fingerprint where the IDS is located on the network.


I need some advice to find it...

Hope I will find some...
<<

sil

Hero Member

Posts: 551

Joined: Thu Mar 20, 2008 8:01 am

Location: ::1

Post Tue Sep 14, 2010 10:11 am

Re: Fingerprinting NAT Router and IDS?

What have you tried so far?
<<

dynamik

Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Tue Sep 14, 2010 10:40 am

Re: Fingerprinting NAT Router and IDS?

sil wrote: What have you tried so far?


I'm pretty sure this is sil's shortest post ever. I was expecting to see about a dozen pages when I entered this thread ;)
The day you stop learning is the day you start becoming obsolete.
<<

sil

Hero Member

Posts: 551

Joined: Thu Mar 20, 2008 8:01 am

Location: ::1

Post Tue Sep 14, 2010 10:55 am

Re: Fingerprinting NAT Router and IDS?

Itai! ;) Just curious to see what one has tried before I answer this...
<<

MaXe

Hero Member

Posts: 671

Joined: Tue Aug 17, 2010 9:49 am

Post Tue Sep 14, 2010 11:08 am

Re: Fingerprinting NAT Router and IDS?

One way to detect if NAT is present on a target network and find out a possible IP range is:
1) Assume the target network is using its own mail servers internally. (Some corporations outsource their e-mail servers though.)
2) Send an e-mail to a non-existing address at their domain name. ( 213782hdsa@domain.tld )
3) When the "Post Master" automatically returns your e-mail, look at the e-mail headers.

If you want a visualization of what to look at, take a look at this video about information gathering:
http://www.youtube.com/watch?v=1nd6vAz4SOw

This is also a part of the phase known as "recon" aka reconnaissance during a pentest.

I am, however, unsure how to detect an IDS without scanning the internal network and/or router.
I'm an InterN0T'er
<<

manoj9372

Jr. Member

Posts: 72

Joined: Mon Oct 05, 2009 8:54 am

Post Tue Sep 14, 2010 1:26 pm

Re: Fingerprinting NAT Router and IDS?

  Code:
What have you tried so far?


I tried nmap scanning, tracert and banner grabbing, and I found they have 4 lines of Cisco firewalls. I found ICMP was enabled on those firewalls. I tried to do banner grabbing on the router and wasn't able to find anything. When I scanned with nmap I found only 2 filtered ports:

25 - smtp filtered port
53 - dns filtered port


I am trying to determine the ACL and the exact version of the Cisco IOS.
I want to find out whether NAT is enabled on the router and whether IDS is enabled on the router itself...

  Code:
One way to detect if NAT is present on a target network and find out a possible IP range is:
1) Assume the target network is using its own mail servers internally. (Some corporations outsource their e-mail servers though.)
2) Send an e-mail to a non-existing address at their domain name. ( 213782hdsa@domain.tld )
3) When the "Post Master" automatically returns your e-mail, look at the e-mail headers.

If you want a visualization of what to look at, take a look at this video about information gathering:
http://www.youtube.com/watch?v=1nd6vAz4SOw

This is also a part of the phase known as "recon" aka reconnaissance during a pentest.

I am, however, unsure how to detect an IDS without scanning the internal network and/or router.



Thanks a lot, I am going to try this.
I also heard NAT hosts can be detected based on IP ID values and TTL values.

But I have some trouble: those hosts are running Linux, so they have an IP ID value of 0 by default, and ICMP was disabled there, so I don't know what to do to detect the presence of NAT. I also want to know whether they are running a hardware or software IDS.

Can't an IDS be detected based on its signature testing?


I also want to know what kind of routing protocol they are using on their routers.


Hope I will get some more answers...
