Hi guys
I can’t really figure this out, so I need some help, please. I’ve read the NMAP network scanning book and some tutorials on Nmap.
My home LAN IP is 192.168.0.1 and using the 192.168.0.1/24 gets me the entire network etc.
But now I want to test my Nmap skills on my real IP address. (Gotten from What Is My IP Address? - Lookup IP, Hide IP, Change IP, Trace IP and more... )
But when I scan my real IP address (eg. 123.456.789.0) then I only see my router, but not the rest of my network. (I have 7 devices on my LAN, via Wifi). Why not?
Does this mean that if I secure my router well enough, I’m “home free” for the rest of the LAN? Because I can’t see:
• Which devices are online
• How many are online
• Version detection
• etc
All the examples I have read about are regarding your own network, e.g. 192.168.0.1 or 10.0.0.1, which also works, because I'm running the scan within the network.
Please help me clarify my confusion about this.
Thanks
//Linus
Sounds like you need to read up on the following subject: NAT (Network Address Translation). If you have more questions after reading that then we can try to help.
Last edited by Lincoln; 02-01-2010 at 11:01 AM.
Hi again
Thanks for your replies.
I've read more about NAT and Private vs. Public addresses.
As I have understood it, a local network uses one "private" IP address (e.g. 192.168.something), and each time I connect a device to my internal network, I’ll get a new unique "private" IP address for that device.
My router then has 1 "public" IP address for accessing the internet.
So when one of my devices passes from my local network, it goes through the router and it's translated to my "public" IP address. The data then comes back to the router, and the router transfers it to the correct device.
I've tried to illustrate it like this:
And that is why my "private" IP addresses are always shown only as 1 "public" IP address to the rest of the world.
1) Is this correct?
2) Unfortunately I haven't been able to figure out my original question. How can an NMAP scan see anything else but my router (using the "public" IP address)?
Last edited by Linus1907; 01-28-2010 at 02:10 PM.
Yes that is correct. Think of it this way. Your router is the border point of two networks (it exists on both your private LAN and the public internet / having one interface on each side). To scan a network you must be a part of that network. So scanning public addresses = scanning the network of networks (the whole internet), scanning private addresses = scanning your LAN.
I hope this makes sense to you.
Btw, some ISPs don't approve of you port scanning public addresses so be mindful of what you are doing.
Thanks, #mfBaranian#
So if you secure your router, then the rest of the private LAN is "home free".
Said another way: NMAP scans are useless, in the "real" world, as long as you have a router in front.
Well you must realize you are on a home private network. This is not the case in the real world because almost all businesses have devices with open ports on the internet. Home users are but a small piece of the internet.
So yes in theory you are safe with a properly secured router from direct attacks but if you have any ports from the router forwarded to a pc that makes a hole. For example bit torrent ports. Also not to sound mean, you are still vulnerable to the greatest bug of all which is the end user of the PC. You can still click on websites which have been infected with malicious code and get owned. No one is ever truly safe.
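To make the point of the last few replies concrete (the router is the border between two networks, unsolicited packets to the public address terminate at the router itself, and a port forward is exactly the hole that lets one through), here is a small added Python model of a source-NAT router with connection tracking and static port forwards. It is illustrative code written for this thread, not anything from Nmap or from any router firmware; the IP addresses are constructed from the RFC 5737 documentation ranges and the LAN layout (192.168.0.x, one forwarded torrent port) is assumed.

```python
from dataclasses import dataclass
from typing import Dict, Optional, Tuple

# Constructed addresses (RFC 5737 documentation ranges, not real hosts).
PUBLIC_IP = "203.0.113.7"      # the router's WAN-side "public" address
SCANNER_IP = "198.51.100.9"    # some outside host probing the public IP
WEB_SERVER_IP = "192.0.2.44"   # a site a LAN device browses to


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    proto: str = "tcp"


class NatRouter:
    """Toy masquerading router: LAN hosts share one public IP.

    conntrack maps a public source port to the LAN flow that created it;
    forwards maps a public port to a fixed LAN host/port (a 'port forward').
    """

    def __init__(self, public_ip: str,
                 forwards: Optional[Dict[int, Tuple[str, int]]] = None):
        self.public_ip = public_ip
        self.forwards: Dict[int, Tuple[str, int]] = dict(forwards or {})
        # public port -> (lan_ip, lan_port, remote_ip, remote_port)
        self.conntrack: Dict[int, Tuple[str, int, str, int]] = {}
        self._next_port = 40000

    def outbound(self, pkt: Packet) -> Packet:
        """LAN -> internet: rewrite the source to the public IP and remember the flow."""
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        for pub_port, entry in self.conntrack.items():
            if entry == key:          # existing flow reuses its public port
                break
        else:
            pub_port = self._next_port
            self._next_port += 1
            self.conntrack[pub_port] = key
        return Packet(self.public_ip, pub_port, pkt.dst_ip, pkt.dst_port, pkt.proto)

    def inbound(self, pkt: Packet) -> Tuple[str, Optional[Packet]]:
        """Internet -> router: classify the packet and, if it maps to a LAN host, translate it.

        Verdicts:
          reply-translated  part of a flow a LAN host started; rewritten to that host
          forwarded         hits a static port forward; delivered to the configured host
          router-itself     unsolicited; the router's own stack (or firewall) answers, LAN is invisible
        """
        if pkt.dst_ip != self.public_ip:
            return "not-for-us", None
        entry = self.conntrack.get(pkt.dst_port)
        if entry and entry[2] == pkt.src_ip and entry[3] == pkt.src_port:
            lan_ip, lan_port, _, _ = entry
            return "reply-translated", Packet(pkt.src_ip, pkt.src_port, lan_ip, lan_port, pkt.proto)
        if pkt.dst_port in self.forwards:
            lan_ip, lan_port = self.forwards[pkt.dst_port]
            return "forwarded", Packet(pkt.src_ip, pkt.src_port, lan_ip, lan_port, pkt.proto)
        return "router-itself", None


def external_scan(router: NatRouter, scanner_ip: str, ports) -> Dict[str, str]:
    """What an outside probe of each public port reaches: the router, or a LAN host via a forward."""
    return {p: router.inbound(Packet(scanner_ip, 12345, router.public_ip, p))[0] for p in ports}


if __name__ == "__main__":
    # Assumed LAN: a torrent client on 192.168.0.10 with port 6881 forwarded to it.
    r = NatRouter(PUBLIC_IP, forwards={6881: ("192.168.0.10", 6881)})
    print(external_scan(r, SCANNER_IP, [22, 80, 443, 6881]))
    out = r.outbound(Packet("192.168.0.12", 51000, WEB_SERVER_IP, 443))
    print("outbound as seen by the web server:", out)
    print("reply:", r.inbound(Packet(WEB_SERVER_IP, 443, PUBLIC_IP, out.src_port)))
    print("stranger on same port:", r.inbound(Packet(SCANNER_IP, 12345, PUBLIC_IP, out.src_port)))
```

Run as-is, the scan of the public IP reaches only the router on 22, 80 and 443, while 6881 lands on the LAN host behind the forward; the reply from the web server the LAN host actually contacted is translated back to 192.168.0.12, but an unrelated host probing that same public port still only reaches the router. The set of keys in `forwards` is therefore exactly the part of the LAN an outside scan can see, which is the practical reason to keep that list short and to scan your own public address from outside now and then to confirm it matches what you intended.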
I wouldn't say they were useless. Someone could still scan your router, find vulnerabilities, exploit them, gain access to the router and pawn your network. There are numerous ways of achieving such a scenario (and nmap is an unavoidable tool for doing so). I just said that you cannot scan your network directly through the router using the public address.
pureh@te and #mfBaranian#:
Thanks for your help. I learned something today!
Yes. Many, many many routers are running tiny-ified versions of Linux, and will report back to NMAP several potential vulnerabilities. Let's say for example, that your router was running DD-WRT v24-sp1. Let's say that, oh, I don't know... a Chinese skididiot (they've been attacking me a lot lately. It's getting lame.) probes your public IP, and your router running DD-WRT lets them know that it's version 24, service pack 1. A quick search on milw0rm brings you to a nice Cross Site Reference Forgery exploit built specifically for your router's software. Port forwarding is also a dangerous trap to get in the habit of doing (i.e. torrent downloaders, home webservers), and is where the beauty of NAT is.
My two cents: There is no such thing as "home-free", unless you're unplugged.
xX_Spiidey_Xx
thou shalt treat all computers as thou wouldst treat thyself, for thou art the creator of thine own problems.