I recently had a system compromise. This kinda baffled me because my logs definitely show typical Nmap scanning techniques, but all the computers on the network (192.168.0.2, 192.168.0.3 and so on...) are behind a router on 192.168.0.1 (which uses an external IP address to communicate with the internet). I tried to scan myself (using the external IP address), only to find my scan results returned my router with ONLY port 5190/tcp (aol) open.
-Is it possible to use Nmap to scan behind a router??
-Is there another method (such as traceroute) which is used to locate 'network computers' (ones connecting to the internet via a router)?
-Am I right in assuming that when on the internet, for example on the computer 192.168.0.5, this has a new IP address assigned to it even though it's going through a router which uses an external IP address?
-How are computers identified on the internet, when using the same external IP address on the router?
Please, please help me with the above questions.
Any help would be much appreciated.
a not-so-good sysadmin