Server Administration
  Home arrow Server Administration arrow Page 4 - IP Network Scanning
Codewalker Forums 
  Tutorials  
Database Articles  
Miscellaneous  
Navigation Usability  
PEAR Articles  
Programming Basics  
Server Administration  
XML Tutorials  
  Reviews  
Database Book Reviews  
Linux Book Reviews  
Miscellaneous Reviews  
PHP Book Reviews  
PHP Software Reviews  
Server Admin Reviews  
SQL Tool Reviews  
  Code Gallery  
Content Management Code  
Contest Code  
Counters Code  
Database Code  
Date Time Code  
Discussion Board Code  
Email Code  
File Manipulation Code  
GUI Code  
Link Farm Code  
Miscellaneous Code  
Search Code  
Site Navigation Code  
User Management Code  
Mobile Linux 
App Generation ROI 
IBM® developerWorks 
Download TestComplete 
Forums Sitemap 
Weekly Newsletter 
 
Developer Updates  
Free Website Content 
 RSS  Articles
 RSS  Forums
 RSS  All Feeds
Write For Us Get Paid 
Request Media Kit
Contact Us 
Site Map 
Privacy Policy 
Support 
 USERNAME
 
 PASSWORD
 
 
  >>> SIGN UP!  
  Lost Password? 
SERVER ADMINISTRATION

IP Network Scanning
By: O'Reilly Media
  • Search For More Articles!
  • Disclaimer
  • Author Terms
    		•
    Rating: stars stars stars stars stars / 0
    2008-05-22

    Table of Contents:
  • IP Network Scanning
  • ICMP Probing Tools
  • Identifying Subnet Network and Broadcast Addresses
  • Gleaning Internal IP Addresses
    		•

    Rate this Article: Poor Best 
      ADD THIS ARTICLE TO:
      Del.ici.ous Digg
      Blink Simpy
      Google Spurl
      Y! MyWeb Furl
    Email Me Similar Content When Posted
    Add Developer Shed Article Feed To Your Site
    Email Article To Friend
    Print Version Of Article
    PDF Version Of Article
    		 
     
    ADVERTISEMENT

    IP Network Scanning - Gleaning Internal IP Addresses
    (Page 4 of 4 )

    In some cases, it is possible to gather internal IP address information by analyzing ICMP responses from an ICMP ping sweep. Upon sending ICMP echo requests to publicly accessible IP addresses, firewalls often use Network Address Translation (NAT) or similar IP masquerading to forward the packets on to internal addresses, which then respond to the probes. Other scenarios include poor routing configuration on routers that are probed using ICMP, where they respond to the probes from a different interface.

    Stateful inspection mechanisms and sniffers can be used to monitor for ICMP responses from internal IP addresses in relation to your original probes. Tools such as Nmap and SING don’t identify these responses from private addresses, as low-level stateful analysis of the traffic flowing into and out of a network is required. A quick and simple example of this behavior can be seen in the ISS BlackICE personal firewall event log in Figure 4-1 as a simple ICMP ping sweep is performed.


    Figure 4-1.   ISS BlackICE used to statefully glean internal IP addresses

    This figure shows that BlackICE has identified four unsolicited ICMP echo replies from private addresses (within the172.16.0.0/12space in this case, but they are often within192.168.0.0/16or10.0.0.0/8).

    ICMPScan supports this type of internal IP address discovery when in promiscuous mode. It is beneficial to run a network sniffer such as Ethereal or tcpdump during testing to pick up on unsolicited ICMP responses, including “ICMP TTL exceeded” (type 11 code 0) messages, indicating a routing loop, and “ICMP administratively prohibited” (type 3 code 13) messages, indicating an ACL in use on a router or firewall.

    Please check back next week for the continuation of this article.


    DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware.


     
    >>> Be the FIRST to comment on this article!

    Buy this book now. This article is excerpted from chapter four of Network Security Assessment, Second Edition, written by Chris McNab (O'Reilly, 2007; ISBN: 0596510306). Check it out today at your favorite bookstore. Buy this book now.

    SERVER ADMINISTRATION ARTICLES

    - Processes in the UNIX Shell
    - Migrating from Windows to Wine
    - Wine: Not Another Emulator
    - Preventive Measures to Block SSH Attacks
    - Monitoring Temperatures with Cacti
    - Cacti: RRDTool-based Graphing Solution
    - Network Magic 5.0 Review
    - Netfilter and Iptables Overview
    - Installing and Configuring Squid
    - Clickfree PC Backup Systems Compared
    - Squid, the Caching Proxy
    - Regular Expressions in the Unix Shell
    - Source Code Version Control Solutions
    - OTRS: Open Source Ticket Request System
    - Clonezilla: Free Mass Disk-Cloning Utility
    Find More Server Administration Articles




    © 2003-2009 by Developer Shed. All rights reserved. DS Cluster 1 Hosted by Hostway
    For more Enterprise Application Development news, visit eWeek