
Thread: computers behind routers/modems

  1. #1
    Junior Member
    Join Date
    Jan 2002
    Posts
    18

    computers behind routers/modems

    I was wondering if anyone could tell me how hackers find computers that are behind routers, or even cable modems. I am a network admin, I am trying to learn about security and I can't figure out how an outside attacker could breach a server that is behind a router or a cable modem that provides access to the internet. Can't the hacker only see the address to the cable modem?

  2. #2
    Senior Member br_fusion's Avatar
    Join Date
    Apr 2002
    Posts
    167
    You can first map out the network with this nifty program.
    http://www.marko.net/cheops/

    As far as getting past the gateway, I suppose you can make routed packets with the final hop being the gateway with a destination address being an inside private IP.

    Though from what I've done, it always starts from the inside. Like using nc to push a backdoor.

  3. #3
    I was once pondering this very question myself. I did a little research on the topic and found that the router contains the 'public' IP for the net. But let's pretend that a hacker wanted to locate a computer attached to a router... As far as I know, you can do some sort of ARP query to obtain the LAN IP of a specific PC. But, if you are remote, you must always resolve the LAN IP through the router ARP table first. The packet header usually specifies the 'node' to which it is going. The router just poses as a gateway or hop, if you will.

    scat
    If the scatman can do it so can you.

  4. #4
    If you know the internal IP ranges of a company it is easy enough to craft an IP packet to access an internal resource, using the router as a gateway.

    Part of a true hacker's task (not script kiddies) is what is called "fingerprinting"; this is basically gathering information about the intended victim.
    One good source for IP owner information is a site like Sam Spade, which gives you the ability to query registration databases for IP range ownership.

    Also get yourself some good books on the subject - Hacking Exposed I find is an excellent source of information.

    PS - I am an IT Security Manager for a large company - not a hacker

    Golam
    Time flies like an arrow - fruit flies like a banana

  5. #5
    Senior Member
    Join Date
    Aug 2003
    Posts
    205
    MidNyte

    Assuming the PCs have what they call an RFC1918 address (non-routable addresses).
    Ranges are:
    10.x.x.x
    172.16.x.x-172.31.x.x
    192.168.x.x

    There is no way "hackers/anyone" can find the IP of a PC behind a router that is doing either a "Port Address Translation/PAT", which is a many-to-one translation, or a "Network Address Translation/NAT", which is a one-to-one translation.

    However, with a cable modem, which is really a bridge, your PC's IP is not hidden and is a registered public address that anyone can portscan.

    Also, in the first scenario, if you had a router and you were doing a PAT or a NAT, even if someone knew your RFC1918 address, they cannot initiate an attack on your PC because all those addresses are blocked on all Internet routers (that's why they refer to them as private addresses).

    Hope this helps....
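The many-to-one translation described in the post above, as an added Python sketch that is not part of the original thread. The `PatRouter` class, the port-allocation scheme, the strict per-remote-endpoint filtering and all addresses (documentation ranges) are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

# The RFC 1918 ranges listed in the post, in CIDR form.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

@dataclass
class PatRouter:
    """Hypothetical PAT gateway: many inside hosts share one public address."""
    public_ip: str
    next_port: int = 40000
    # (public_port, remote_ip, remote_port) -> (inside_ip, inside_port)
    table: dict = field(default_factory=dict)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Inside host opens a flow: rewrite the source and record the mapping."""
        pub_port = self.next_port
        self.next_port += 1
        self.table[(pub_port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.public_ip, pub_port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Packet arriving on the public side: forward only replies to known flows."""
        if is_rfc1918(dst_ip):
            return "drop: private destination arriving on the public side"
        if dst_ip != self.public_ip:
            return "drop: not addressed to this router"
        inside = self.table.get((dst_port, src_ip, src_port))
        if inside is None:
            return "drop: no translation entry (unsolicited)"
        return f"forward to {inside[0]}:{inside[1]}"

if __name__ == "__main__":
    r = PatRouter("203.0.113.5")                      # constructed public address
    print(r.outbound("192.168.1.10", 51000, "198.51.100.7", 80))
    print(r.inbound("198.51.100.7", 80, "203.0.113.5", 40000))    # reply
    print(r.inbound("198.51.100.99", 4444, "203.0.113.5", 40000)) # stranger
    print(r.inbound("198.51.100.99", 4444, "192.168.1.10", 445))  # private dst
```

The only inbound packet that reaches an inside host is the one matching a mapping the inside host created itself, which is why a port forward or an inside-initiated connection changes the exposure.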

  6. #6
    Yeah, Golam was right. You are going to have to forgive me, for this has been a little while, but let's say I get an IP of your system any, if I telnet to 59 and use Sam I will find just about everything that I need. Another thing about this that is fairly interesting is that if by chance I were to scan your system and you had 80, 23, 59, 110, 25 open then I could easily get access. Because you have a router but your system is still connected to that router, so if I have access to your router I have access to your entire network more or less.

    As for Hacking Exposed, I thought it a bit remedial; all the stuff in those books you could learn in a query in Google. A book I would have to say is good: Ankit Fadia's The Unofficial Guide to Ethical Hacking. Pretty good, I don't believe that he talks about routers though.

  7. #7
    Junior Member
    Join Date
    Aug 2003
    Posts
    2
    If you connect to any computer via the "www" or "network" your computer has to know where to send the data 'bits', so it uses a logical address, let's say, "www.yahoo.com" which translates to "216.109.118.72". That IP address is matched up with a "MAC" address that is assigned to your "NIC", network interface card, by the manufacturer. All MAC addresses are unique. When you type www.yahoo.com in the URL of your web browser your IP address is encapsulated in the data packets around the data being sent.

  8. #8
    Very true merrimand, unless that address is the "external" address of a firewall or address translating router. Then you would not see the inside address as it will be changed on the outbound leg by the address translation.

    That is the same for your example of Yahoo, I bet dollars to doughnuts that that is not the true address of their web server(s)

    Golam
    Time flies like an arrow - fruit flies like a banana

  9. #9
    Senior Member
    Join Date
    Aug 2003
    Posts
    205
    merrimand,

    You are right, all NIC cards have a unique 48 bit MAC address which is burned in at the manufacturers...

    However, be very careful with the statement you made, unless I might have misunderstood your comment.

    A PC's MAC address will "never ever" be seen on a different subnet than your own. "Data Link Connections are established locally"

    The IP src and dst of any packet will always be the same no matter how many routers/subnets/hops the packet traverses, however the MAC address will change from subnet to subnet...

    MAC addresses are just used to perform the handoff from net to net.

    I'll try to use an analogy (hope it's not too vague).
    It is like if you send a letter to a friend out of state, the From and To fields will always be the same as the mail is routed from one post office in your city to the next. The post office here is like your MAC address. It is just used for the hand off, and it changes from net to net.

    P.S.
    Sorry if I misunderstood your comment...
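The hand-off described in the post above, as an added Python sketch that is not part of the original thread. It assumes plain routing with no address translation; the `Frame` type, the `route` and `macs_seen_at` helpers and every MAC and IP value are constructed for illustration.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Frame:
    src_mac: str   # layer 2: valid on one segment only
    dst_mac: str
    src_ip: str    # layer 3: end to end
    dst_ip: str
    ttl: int

def route(frame, hops):
    """Forward a frame through routers.

    hops is a list of (router_egress_mac, next_hop_mac), one per router.
    Returns the frame as it appears on each successive segment.
    """
    seen = [frame]
    for egress_mac, next_mac in hops:
        if frame.ttl <= 1:
            break  # a router drops the packet here instead of forwarding it
        # New Ethernet header for the next segment; IP addresses untouched.
        frame = replace(frame, src_mac=egress_mac, dst_mac=next_mac,
                        ttl=frame.ttl - 1)
        seen.append(frame)
    return seen

def macs_seen_at(seen, segment):
    """What a capture on the given segment (0 = sender's LAN) would show."""
    f = seen[segment]
    return (f.src_mac, f.dst_mac)

if __name__ == "__main__":
    # Constructed sample: client -> router A -> router B -> server.
    start = Frame("02:00:00:00:00:01", "02:00:00:00:0a:01",
                  "198.51.100.10", "203.0.113.80", ttl=64)
    hops = [("02:00:00:00:0a:02", "02:00:00:00:0b:01"),
            ("02:00:00:00:0b:02", "02:00:00:00:00:50")]
    for i, f in enumerate(route(start, hops)):
        print(i, f.src_mac, "->", f.dst_mac, "|", f.src_ip, "->", f.dst_ip, f.ttl)
```

On the last segment the server's capture shows router B's egress MAC as the source, so link-layer addresses in remote logs identify the adjacent hop rather than the originating PC.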

  10. #10
    Junior Member
    Join Date
    May 2003
    Posts
    10
    Stupid Opera crashed on me after I'd finished typing my reply, only seconds before I hit post.

    I'm a newb too, I've got a simple network, no servers except samba server on my linux box. I have cable connection and realise that the cable 'modem' won't hide my computer so I bought a netgear router/firewall.
    I was under the impression that the router was going to totally hide my network from 31337 kiddies. I've set it to refuse all incoming requests, but allow all outgoing (software firewall should keep an eye on that).
    I'm reading its logs, and it has done well so far, dropping all incoming requests, etc.
    Am I too complacent? I've checked my system with scans from GRC and broadband.com, etc. and got total stealth reports. How good are these?
    I've nmap-ed some of my friends and family over the net and helped them to stealth their computers. If I did the same from another computer to my network, is this enough?
