Messages - skypickle

1
Networking / Re: Pentesting my DMZ
« on: April 11, 2015, 05:39:41 pm »
m0rph, that's a cute graphic. thanks for the chuckles. i don't get the comment that soho routers do not redistribute connected subnets.


but i think the light is dawning about the actual events occurring in the router. i guess dmz makes a hard and fast connection between the client at the dmz ip and the wan port. I was also looking to see if there were any vulns at this point. IF for example, by sending a malformed packet to a router with dmz enabled, i could get the router to choke and send the packet to a different internal ip, or to all internal ips.


I will hook up an open box to the dmz ip and try the experiment later.


thanks for the cookies btw.


OK. so I hooked up a NAS to the lan at the DMZ ip and scanned the router through the wan port.

Scanning with the command nmap shows
PORT      STATE SERVICE
80/tcp    open  http
139/tcp   open  netbios-ssn
445/tcp   open  microsoft-ds
515/tcp   open  printer
548/tcp   open  afp
873/tcp   open  rsync
3689/tcp  open  rendezvous
6881/tcp  open  bittorrent-tracker
8080/tcp  open  http-proxy
8873/tcp  open  dxspider
9050/tcp  open  tor-socks
22939/tcp open  unknown

Scanning with the command nmap -p - shows
PORT      STATE SERVICE
80/tcp    open  http
139/tcp   open  netbios-ssn
445/tcp   open  microsoft-ds
515/tcp   open  printer
548/tcp   open  afp
873/tcp   open  rsync
3689/tcp  open  rendezvous
6881/tcp  open  bittorrent-tracker
8080/tcp  open  http-proxy
8873/tcp  open  dxspider
9050/tcp  open  tor-socks
22939/tcp open  unknown
59822/tcp open  unknown
59824/tcp open  unknown


Somehow, I had the bizarre preconception that a router with DMZ enabled would respond with 'all ports open at the DMZ ip' if no device was actually there. In fact, it just says 'nobody home'.
Now I just have to figure out why the extra ports are showing up in the second scan.
thanks to everyone who responded.


Staff note: STOP DOUBLE POSTING! Use the modify button if you have more to add and no one has responded yet.

2
Networking / Re: Pentesting my DMZ
« on: April 11, 2015, 04:08:07 pm »
If you go into your router settings page you'll see that there is a place to set how the router acquires its ip from the isp. That can be static (which is rarely done these days) or dynamic (DHCP). Most routers come set to acquire their ip from the isp using dhcp. This is because you never know what ip the isp is gonna give you. Unless YOU REALLY KNOW YOUR OUTSIDE IP. Many industrial strength commercial situations know their ip. And you can even pay for a static ip from your isp if you like.

3
Networking / Re: Pentesting my DMZ
« on: April 11, 2015, 04:03:29 pm »
The gateway of the target router and the pc are both set to 192.168.1.1 but there is no actual hardware with that ip in this construct. NMAP is set to scan the wan ip of the target router, 192.168.1.15. Various scans were tried including options, -O, - p -, -sA. Each option was tried individually.

To understand better what I am trying to communicate, consider the following common real world construct. Internet->cable/dsl modem->router with DMZ set to a.b.c.d->devices. Router with DMZ set is called the 'outside router'. The devices include various servers and another router whose wan ip is the DMZ ip.

So to test the DMZ-ness function, I took the outside router offline (off the internet), assigned it a WAN ip in the same subnet of my pc (shouldn't really matter anyway), aimed nmap at it, and fired away.

This is a testing scenario, there is no outside router. Effectively, the pc and the wan port of the target router are connected on the same net. I could put them on a switch but to simplify matters, the pc is wired directly to the wan side of the router. I am using my pc to probe and test my router so effectively, the pc is behaving like someone on the 'raw internet' might be.


4
Networking / Re: Pentesting my DMZ
« on: April 11, 2015, 03:18:02 pm »
btw, why do i have negative cookies?

5
Networking / Re: Pentesting my DMZ
« on: April 11, 2015, 02:47:47 pm »
thank you. I am unclear on the fine points of DMZ. I do understand that any device that is at the DMZ ip will be exposed to the 'raw sewage of the net'. And if that device is on your lan and it gets compromised, well then, it's just like opening up your whole lan to an attacker. But how does the random packet from the net get to the DMZ?


I am not sure how the router goes about 'making a dmz'. Obviously the router has to pass unfiltered traffic to a specific internal ip. So the iptable matching (that makes a router what it is) is disabled. That means the router has to accept unsolicited requests. And then just pass those to the DMZ ip. A pc scanning the wan port of my router as I described should then appear to the router like an outside packet wanting to get in. Since the outside packet is coming from nmap, should I then not see a wide open port scan? After all, doesn't the router take all random packets and send them to the DMZ ip? That means the packets get acknowledged by the router, regardless of the port they are requesting.
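
The DMZ behaviour asked about here, and the "nobody home" scan result reported in the later post, as an added example that is not part of the original posts and is not any vendor's firmware. It is a simplified model that assumes the router checks tracked connections first, then explicit port forwards, then the DMZ host; the `Router` and `scan` names and the NAS port set are constructed for illustration.

```python
# Simplified model (an assumption, not real router firmware) of how a SOHO
# NAT router chooses a destination for a packet arriving on its WAN port.
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Router:
    dmz_host: Optional[str] = None                     # e.g. "192.168.0.10"
    port_forwards: dict = field(default_factory=dict)  # wan_port -> (lan_ip, lan_port)
    conntrack: dict = field(default_factory=dict)      # (remote, wan_port) -> (lan_ip, lan_port)

    def route_inbound(self, remote, wan_port):
        """Return the (lan_ip, lan_port) the packet is rewritten to, or None if dropped."""
        if (remote, wan_port) in self.conntrack:   # reply to a flow started from the LAN
            return self.conntrack[(remote, wan_port)]
        if wan_port in self.port_forwards:         # explicit forwarding rule wins next
            return self.port_forwards[wan_port]
        if self.dmz_host:                          # catch-all for unsolicited traffic
            return (self.dmz_host, wan_port)
        return None                                # no DMZ: unsolicited traffic is dropped

def scan(router, lan_listeners, ports, scanner="192.168.1.12"):
    """State a TCP scan of the WAN IP would report for each port.
    lan_listeners maps lan_ip -> set of listening ports; an absent IP means
    no device is plugged in at that address."""
    result = {}
    for port in ports:
        dest = router.route_inbound(scanner, port)
        if dest is None or dest[0] not in lan_listeners:
            result[port] = "filtered"   # dropped, or forwarded to an address nobody holds
        elif dest[1] in lan_listeners[dest[0]]:
            result[port] = "open"       # the DMZ host's own service answered
        else:
            result[port] = "closed"     # the DMZ host is up but not listening there
    return result

def demo():
    router = Router(dmz_host="192.168.0.10")
    ports = [80, 445, 873, 9999]
    empty_lan = scan(router, {}, ports)                               # no device at DMZ ip
    with_nas = scan(router, {"192.168.0.10": {80, 445, 873}}, ports)  # constructed NAS
    return empty_lan, with_nas

if __name__ == "__main__":
    for label, res in zip(("no DMZ host", "NAS at DMZ ip"), demo()):
        print(label, res)
```

The router never answers on behalf of the DMZ address, so the scan result is the exposure of whatever device sits there; auditing that device's listening services is the meaningful check.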

6
Networking / Pentesting my DMZ
« on: April 11, 2015, 01:35:44 pm »

I connected my laptop to the wan port of a link sys BEPVF41 router whose DMZ is enabled. I set the ip of the WAN side of the router to 192.168.1.15. The router lan side is 192.168.0.1. The router DMZ is 192.168.0.10. The laptop is set to 192.168.1.12. No other network connections are enabled. Neither laptop nor router are connected to anything else. I ran several nmap scans against the router but get no open ports. Shouldn't all its ports be open and mapped to the DMZ ip?

