Visit Jeremy's Blog.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 01-28-2005, 03:47 AM   #1
LQ Newbie
Registered: Dec 2004
Location: On your SQL server.
Distribution: Mandrivia Linux 10.1
Posts: 25

Rep: Reputation: 15
Scan behind Router With nMap?


I recently had a system comprimise. This kinda baffled me because my logs definately show typical nMap scanning techniques, but all the computers on the network (, and so on...) are behind a router on (which uses an external IP address to communicate with the internet). I tried to scan myself (using the external IP address), only to find my scan results returned my router with ONLY port 5190/tcp (aol) open.

-Is it possible to use nMap to scan behind a router??
-Is there another method (such as traceroute) which is used to locate 'network computers' (ones connecting to the internet via a router)?
-Am I right in assuming that when on the internet, for example on the computer, this has a new IP address assigned to it even though it's going through a router which uses an external IP address?
-How are computers identified on the internet, when using the same external IP address on the router?

Please, please help me with the above questions.

Any help would be much appreciated.


[a not-so-good sysadmin ]
Old 01-28-2005, 05:38 AM   #2
Registered: Oct 2003
Location: ITALY
Distribution: Debian, Ubuntu, Fedora
Posts: 137

Rep: Reputation: 15
Ok, let's take it from the beginning.
theorically, when a LAN uses internet services behind a NAT, it works with the same external IP address (or address, with nat pools, but it's not your case). It is the router's job to translate addresses and no one would ever know if it's a siingle workstation or an entire LAN.
If you add a static NAT translation you allow a person to contact a PC in your LAN from the outside but, again, it shouldn't be your case.
But this is theory. There are malicious techniques to force not-so-well-configured or not-so-great-quality routers to give out informations reguarding the LAN. Moreover, there are malicious techniques to contact LAN members directly.
The main dubt in this case is that your firewall seems to be blocking almost everything except one port. AOL can be an entrance point, but, man... these guy must be very angry. If I were you, I'd first try to search the problem elsewhere, like unknown mail messages etc.
Reguarding NMAP... as I always say, NAT doesn't mean security. NMAPping a router with NO firewall can end up with different responses, depending on the router. Does your router have a firewall?
For istance, there are vendors (their name will no be told) whose routers... if they don't have NAT infos, nor firewall rules, they just forward to all the cilents!!
That's mad

Last edited by TheIrish; 01-28-2005 at 05:47 AM.


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Cant scan with nmap or nessus saltas Linux - Networking 2 09-29-2004 03:34 PM
scan my network with nmap. amer_58 Linux - Networking 3 06-17-2004 12:11 AM
Port Scan (nmap -st) TroelsSmit Linux - Newbie 2 05-22-2004 03:13 PM
How can I scan *every* port with nmap? davee Linux - Security 6 12-11-2003 04:44 PM
nmap scan loganwva Linux - Security 5 02-25-2003 07:16 PM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 03:07 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration