Yes for the purpose of this scan I did connect my scanning box straight to the internet. Too many fingerprints match this host to give specific OS detailsĪny idea, thought or insight from people more experienced than I am would be most welcome. I scanned the source and destination hosts most often mentioned in the SYN/ACK flood and here is what I got: source:ĭevice type: general purpose|WAP|router|firewall The source MAC is always the usual 00:21:A0:a:b:c, but the destination MAC is also not mine!! So I have no idea how and why these packets make it to my interface to start with!? All I can think of is that they have some crossed wires or short circuits in their junction boxes! Mostly they are SYN packets aimed at port 445 or SYN/ACK packets aimed at port 7170 and often the same IPs are involved. However these packets have a source and destination IP distinct from mine. I have found by running tcpdump and looking at the output that at these times there are packet floods at my interface, which vary from SYN, SYN/ACK and UDP packets. Now the problem I have is that starting from about 10AM to 7PM, I hardly can access the internet. … again always with the same MAC address. ![]() For example: Nmap scan report for x.y.130.213 When I scan further, every host is showing different open ports and different OSes though, so they seem to all be real live hosts. With the MAC address always the same as that of x.y.128.1, the gateway, but the gateway’s IP not showing in the route. Nmap scan report for x.y.isp (x.y.205.101) The Zenmap topology output shows a perfect star with… me (localhost) in the center… For example: nmap -sn -traceroute x.y.205.101 Every host I nmap in my subnet is showing the same MAC address: apparently the one of the gateway. The first thing I do not get is their network topology. For the purpose of the scan, I am not behind my usual home router. ![]() My connection is DSL and my ISP uses DHCP without authentication or MAC registration (as an aside, in my personal experience, this is a management and security disaster). Further it assists with cleaning up all the data collected by Nmap and organizes it into useful tabs and columns.I recently moved to Asia and am having some severe problems with my ISP, which they apparently are unable to solve, so I decided to investigate on my own. Zenmap is a great tool to use for those who prefer a graphical user interface. In this exercise, you will use Zenmap and get used to the look of the graphical user interface which ties into Nmap. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |