
Thread: What am I scanning?

  1. #1

    What am I scanning?

    Hi everyone, I have been playing with my own network at home trying to teach myself something about computer security. Anyway, working inside my own network is fine and I've learned a few things. Today I asked my boss if I could scan my home network from work, and he said OK (I work in an auto dealer and they let me install a WAP so I could use my laptop in the shop). So I scan my network and all ports come back as filtered. I am running behind a router/firewall and the IPs are 192.168.1.*; I'm scanning the IP that my ISP assigns me, not 192.168.1.*.
    Basically I wanted to see what a hacker/cracker would see if they scanned my IP.
    First, am I actually scanning my firewall or one of my ISP's servers? Second, could I safely assume that since all ports show filtered that I would be safe from a cracking attempt?
    If not, how would someone go about getting inside my network if they don't know that it exists? Is using the out of the box default settings on a router/firewall (Linksys) a good idea?

  2. #2
    Is using the out of the box default settings on a router/firewall(Linksys) a good idea?
    I find it is always a good habit to change the default admin password whenever possible.

    Otherwise, unless you need certain things opened up because you want to run your laptop as a webserver or something silly like that - then the default firewall setup is normally quite good....

    RRP

  3. #3
    Senior Member nihil
    Sorry old chap there are two things wrong here?

    1. You should NOT know the address of your home computer, as it should be dynamic, and switched off when you are not there.

    2. If you have a properly configured firewall, it should tell you that there is no computer there.

    Try doing a google for GRC.com and run "shields up"........that will tell you something about your firewall settings

    Cheers

  4. #4
    Even though my IP is dynamic, it hasn't changed since I got broadband about 6 months ago.
    I have gone to the grc site and they say everything is peachy, but are they scanning me or a server somewhere up the line? From what I can tell I'm not very vulnerable even though I've left a ton of services open on my XP box because I can't find it and I know where it's supposed to be, so am I still vulnerable to some cracker surfing the net?

  5. #5
    Senior Member
    You should NOT know the address of your home computer, as it should be dynamic, and switched off when you are not there.
    I think what nihil means is not your address from your ISP, but the subnetted addresses in your LAN.
    A mind full of questions has no room for answers

  6. #6
    Senior Member Maestr0
    Most likely your router is a NAT device with a firmware firewall (so that's what you are really scanning). So the only thing your router MIGHT respond to is a ping.

    -Maestr0
    "If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software." -Jaron Lanier

  7. #7
    Well, here is what I know about the linksys router (note that I'm not a pro in security) :

    First, if someone scans you from the Internet, they will "scan" your router. It will never reach your computer. So if you leave the settings as they are, you are pretty safe from what I know. If you want to see what happens when someone scans your computer, you can activate the DMZ and install ZoneAlarm; you'll see really quickly that your computer will now receive packets that pop up ZoneAlarm. But don't leave the DMZ activated; it's better for security to leave it off. If you want to monitor just some ports on your computer (like port 80 or whatever), you can activate port forwarding for just specific ports.

    And yes, grc.com is really scanning you (but it just gets to your router, and not your computer). Like I said, activate the DMZ and go back there, you'll see a lot of differences. So a hacker that scans you doesn't know a lot about your computer or your network, I think.

    Please correct me if this information is not accurate. Those are based on my own experience and what I concluded by trying and using my router. :P

  8. #8
    Antionline Herpetologist
    Stupid question. Doesn't the router keep logs? If it does, then all you have to do is go through the logs and you'll know if you're getting scanned. If it can, but logging is turned off, turn it on. If it can't, you shouldn't be using such a crap piece of hardware anyway, dump it and get a 386 running Slackware.
    Cheers,
    cgkanchi

    Edit: I meant that my question was stupid ("Doesn't the router keep logs"), not yours. On rereading the post it seemed to me that it might have been misinterpreted.
    Cheers,
    cgkanchi
    Buy the Snakes of India book, support research and education (sorry the website has been discontinued)
    My blog: http://biology000.blogspot.com
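
Going through the router's logs for scans, as suggested in post #8, can be automated. The following is an added example, not part of the original thread: the log line format (`<timestamp> DROP IN src=<ip> dpt=<port>`), the addresses, and the thresholds are all constructed for illustration, and real router logs differ by vendor and firmware.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed (hypothetical) log format; adapt the pattern to your router's output.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) DROP IN "
    r"src=(?P<src>\S+) dpt=(?P<dpt>\d+)$"
)

def parse(lines):
    """Yield (timestamp, source, destination port) per dropped inbound packet."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:  # unparseable lines are skipped, not fatal
            ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
            yield ts, m["src"], int(m["dpt"])

def find_scanners(lines, min_ports=10, window=timedelta(seconds=60)):
    """Return {source: most distinct ports hit in any window} for likely scanners."""
    by_src = defaultdict(list)
    for ts, src, dpt in parse(lines):
        by_src[src].append((ts, dpt))
    flagged = {}
    for src, events in by_src.items():
        events.sort()
        best, start = 0, 0
        for end in range(len(events)):
            # Slide the window start forward until it spans at most `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            best = max(best, len({port for _, port in events[start:end + 1]}))
        if best >= min_ports:
            flagged[src] = best
    return flagged

# Constructed sample: one source sweeping 12 ports in 12 seconds, one source
# retrying a single port for 20 minutes, one source touching two ports.
SCAN_PORTS = [21, 22, 23, 25, 53, 80, 110, 135, 139, 143, 443, 445]
SAMPLE_LOG = (
    [f"2004-03-01 10:00:{i:02d} DROP IN src=203.0.113.7 dpt={p}"
     for i, p in enumerate(SCAN_PORTS)]
    + [f"2004-03-01 10:{m:02d}:00 DROP IN src=198.51.100.9 dpt=445" for m in range(5, 25)]
    + ["2004-03-01 11:00:00 DROP IN src=192.0.2.44 dpt=80",
       "2004-03-01 11:00:05 DROP IN src=192.0.2.44 dpt=443",
       "garbled line the parser should skip"]
)

if __name__ == "__main__":
    for src, n in find_scanners(SAMPLE_LOG).items():
        print(f"{src}: {n} distinct ports within 60s")
```

Counting distinct ports rather than packets is what separates a sweep from a single host retrying one port.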

  9. #9
    Originally posted here by cgkanchi
    If it can't you shouldn't be using such a crap piece of hardware anyway, dump it and get a 386 running Slackware.
    Cheers,
    cgkanchi
    Gotta agree with you on that cgkanchi, why go through all that trouble when you can throw together a cheap as solution and sit back and know you're safe so to speak?

    Lfrog
    Umm they said I should put my signature here.
    And now all I got is a heap of White Out on the Monitor..

  10. #10
    Senior Member
    Port scanning from behind a DNAT (masquerading-style) NAT router is a VERY BAD idea.

    Even assuming you wanted to do so for legit and sensible purposes, you stand a really good chance of causing a DoS attack against the local router:

    A DNAT router has a finite number of ports (64k or thereabouts). Each outgoing connection (or connection attempt) will use up one of these for the lifetime of the attempt (until timeout). It is EASY with most scanning tools (nmap for instance) to have much more than 64k connections outgoing that haven't yet timed out.

    Result? The DNAT router runs out of ports, and can no longer NAT outgoing connections (until some of the old ones time out), so it starts dropping legitimate outgoing traffic by other users.

    Bear this in mind when port scanning behind such a router/firewall.

    Note that routers / firewalls that DON'T do NAT (or ones which do static 1-to-1 mappings) don't have this problem as they don't need to do connection tracking and port mapping.

    Slarty
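
The port-exhaustion effect described in post #10 can be modelled to budget an authorized scan so it does not starve other users of the shared router. This is an added example, not part of the original thread; the 65536-entry table comes from the post's "64k" figure, while the entry timeout and the `share` budget are assumptions to replace with your router's real values.

```python
from collections import deque

def simulate_nat(probe_rate, duration_s, entry_timeout_s, table_size=65536):
    """Model a port-translating NAT during a scan of filtered ports.

    Each outbound probe takes one table entry; since no reply ever arrives,
    the entry is only freed after entry_timeout_s. Time is counted in integer
    probe ticks so the arithmetic is exact.
    Returns (peak entries in use, probes refused because the table was full).
    """
    timeout_ticks = int(entry_timeout_s * probe_rate)
    expiries = deque()          # expiry ticks, oldest first
    peak = refused = 0
    for now in range(int(probe_rate * duration_s)):
        while expiries and expiries[0] <= now:
            expiries.popleft()  # timed-out entries free their port
        if len(expiries) >= table_size:
            refused += 1        # a real router would also refuse other users here
            continue
        expiries.append(now + timeout_ticks)
        peak = max(peak, len(expiries))
    return peak, refused

def max_safe_rate(entry_timeout_s, table_size=65536, share=0.1):
    """Probe rate (per second) that keeps the scan within `share` of the table.

    Steady-state entries in use = rate * timeout, so rate = budget / timeout.
    """
    return table_size * share / entry_timeout_s

if __name__ == "__main__":
    timeout = 60  # seconds; assumed value, not taken from any specific router
    for rate in (109, 500, 2000):
        peak, refused = simulate_nat(rate, 120, timeout)
        print(f"{rate:>5} probes/s: peak {peak} entries, {refused} refused")
    print(f"rate for a 10% share: {max_safe_rate(timeout):.0f} probes/s")
```

With the assumed 60-second timeout, 2000 probes per second fills the table in about 33 seconds and keeps it full, whereas roughly 109 probes per second stays within a tenth of it.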
