[<prev] [next>] [day] [month] [year] [list]
Message-ID: <1AF4070E0F26474A80DA4CA886ECE0C1018AE9B3@gtsexchange.gts.dk>
From: PoulWaJ at it-college.dk (Poul Wann Jensen)
Subject: IP Resolving problems with DSL user [sls]
He is probably useing NAT, ie. he has an internet IP address at the ISP,
192.xxx or similar. The ISP useually has less IPs available in their pool
than they have users, so they have a box that assigns users
the external IP, and routes their requested data to their internal IP.
Yours,
Poul Wann
---------
IT-College Denmark
poulwaj (at) it-college.dk
-----Oprindelig meddelelse-----
Fra: Administrator [mailto:administrator@...inetworks.com]
Sendt: Saturday, September 27, 2003 8:05 PM
Til: full-disclosure@...ts.netsys.com
Emne: [Full-Disclosure] IP Resolving problems with DSL user [sls]
After a discussion about computer security with a fairly
computer-literate friend, I was asked to perform various
vulnerability scans on his system remotely. He gave me
his IP address at the same time as I ran "netstat"
to obtain it and both came out to be the same number
but just to be sure a WHOIS was run and the IP
was listed as belonging to his ISP. An nmap
scan and an "xscan" (windows-based vulnerability scanner)
were started against this IP and port 23 was found to be open
so I attempted a TELNET and was greeted with a fairly
suprising "WARNING" message that included the real
DNS name of the computer I was scanning (which happened
to be a server belonging to his ISP). All scans were halted
immediately and both of us wrote apology letters to the ISP
explaining this mistake.
My question is this: How could this have happened? Both
"winipcfg" in his Windows 98 system as well as his client
software told him his IP was this as well as a
"netstat /a" from my system.
Thank you for comments,
Alex Petrosian
administrator@...inetworks.com
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
###########################################
This message has been scanned by F-Secure Anti-Virus for Microsoft
Exchange.
For more information, connect to http://www.F-Secure.com/
Powered by blists - more mailing lists