Results 1 to 7 of 7

Thread: Network Exploration???

  1. #1
    Just burned his ISO
    Join Date
    Nov 2010
    Posts
    2

    Default Network Exploration???

    Hi guys Iam new in the forum.This is my first message. but i am using linux for a long time.

    Now My big question is about a network exploration.suppose that someone attacked me and i got his ip adress but i dont know if he is using nat.or let me ask different way this guy has a x.x.x.x ip and one more 192.168.x.x which is local ip so what i dont know is his network adres or how many computer exist in that network and each of ip adress or that guy may not be using any network or nat.

  2. #2
    Administrator sickness's Avatar
    Join Date
    Jan 2010
    Location
    Behind the screen.
    Posts
    2,921

    Default Re: Network Exploration???

    Well first of all your question does not make much sense, you should write just one question and be explicit in it so that all can see what you actually want to achieve.

    By this question if I understand correctly you want to see if that someone who attacked you with an "external ip" found in your logs is behind a nat ( I hope this is what you want ).

    I will give you a short answer: If someone attacks you and you find his IP in logs, phone your ISP company and report this incident, they will take care of it.
    Back|track giving machine guns to monkeys since 2007 !

    Do not read the Wiki, most your questions will not be answered there !
    Do not take a look at the: Forum Rules !

  3. #3
    Just burned his ISO
    Join Date
    Nov 2010
    Posts
    2

    Default Re: Network Exploration???

    sorry about scenario.i made it up my point is computer using nat has two ip one of is local another is global so i am curious about how it works.how do we understand that if somebody using local network to connect internet.

  4. #4
    Just burned his ISO
    Join Date
    Apr 2010
    Posts
    11

    Default Re: Network Exploration???

    erm... are you really asking: "How am I able to detect if some other using a nat device between his system and my own?"

    If so: IMHO you aren't able to

    Code:
    |CLIENT| ----> |NAT Device| ----> {INTERNET} ----> |Your System|
    In that scenario the client don't know he's a nat'ed client. It's the job of the NAT Device to change the source addresses while sending and re-change the destination addresses while the answer comes back. TCP don't have a field for s.th. like "natted for 192.168.x.y" like it might be supplied by some http proxy f.e..

    But maybe I just don't understand your question.

    -
    Andurin

  5. #5
    Senior Member iproute's Avatar
    Join Date
    Jan 2010
    Location
    Midwest, USA
    Posts
    192

    Default Re: Network Exploration???

    As I see it the only way to even come close to determining this would be to perform illegal scans against his IP, which of course you do not want to do. Reporting this to your ISP is the correct action, and if possible provide all records and logs of the attack to your ISP. I do understand that this is a scenario and not a real situation, but I myself work for an ISP and can tell you we have a Network Operations Center department or division that deals solely with law enforcement related issues. I have had to perform IP address to Physical address traces for CALEA requests myself as part of my duties.

    Communications Assistance for Law Enforcement Act - Wikipedia, the free encyclopedia

  6. #6
    Junior Member dec1bel's Avatar
    Join Date
    Dec 2010
    Location
    US
    Posts
    36

    Default Re: Network Exploration???

    You won't be able to get much information with the user behind a NATed address. If the address is NATed by the ISP port scanning will also prove futile.

    Hypothetically you could get info by pwning the user and then setting up pivoting to get info about his system and network, but it's not a very viable option with all the variables involved. You will need him to connect to you to do so via some social engineering, a lot of luck, and/or more. That's if there's even a vulnerability you could exploit.

    Again, you're not likely to glean much about 'em.

  7. #7
    Good friend of the forums gunrunr's Avatar
    Join Date
    Jan 2010
    Location
    shining my spoon
    Posts
    265

    Default Re: Network Exploration???

    you can also tell something about the IP by its class, class c addresses starting with 172. or 192 are usually behind NAT and are local addresses. compared to addresses that are in the a and b classes, if you are interested check up on arin for data pertaining to classes and blocks of ip's leased by isp's
    Wielder of the spoon of doom
    Summercon, Toorcon, Defcon, Bsides, Derbycon, Shmoocon oh my
    Come hang out with hackers on twitter @gunrunr556

Similar Threads

  1. Replies: 1
    Last Post: 04-17-2010, 06:36 AM
  2. Replies: 8
    Last Post: 11-26-2009, 08:09 AM
  3. Setting up network on local network with bt3 over VMware
    By JibberingJ in forum OLD Newbie Area
    Replies: 3
    Last Post: 02-12-2008, 11:21 PM
  4. Metasploit exploration question
    By phoenix910 in forum OLD Pentesting
    Replies: 10
    Last Post: 11-24-2007, 10:33 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •