Ho provato la scansione della rete domestica con nmap
, eseguendo un 192.168.0.0/16
netscan. Con mia sorpresa, i risultati hanno mostrato più dispositivi live non solo su 192.168.1.x
(dove sono presenti tutti i nostri dispositivi ) ma su 192.168.2.x
!
setup :
- ubuntu 11.10
- nmap 5.21
- connessione wifi domestica su rete privata (192.168.1.x)
- l'installazione del router wireless è attiva su 192.168.1.1 / 255.255.255.0
- DHCP abilitato
- collegato solo alla nostra rete privata protetta
- tutti i nostri dispositivi e computer sono sulla rete 192.168.1.x
- i log del router non mostrano alcun IP 192.168.2.x (i lease DHCP e i registri wifi mostrano solo i nostri dispositivi IP)
sottoinsieme di risultati nmap :
$ nmap 192.168.2.0/24
Starting Nmap 5.21 ( http://nmap.org ) at 2012-07-05 21:30 CEST
Nmap scan report for 192.168.2.1
Host is up (0.045s latency).
All 1000 scanned ports on 192.168.2.1 are closed
Nmap scan report for 192.168.2.3
Host is up (0.048s latency).
Not shown: 999 closed ports
PORT STATE SERVICE
23/tcp open telnet
Nmap scan report for 192.168.2.69
Host is up (0.045s latency).
Not shown: 993 closed ports
PORT STATE SERVICE
80/tcp open http
111/tcp open rpcbind
139/tcp open netbios-ssn
443/tcp open https
445/tcp open microsoft-ds
631/tcp open ipp
2049/tcp open nfs
Nmap scan report for 192.168.2.77
Host is up (0.067s latency).
Not shown: 999 closed ports
PORT STATE SERVICE
80/tcp open http
Nmap scan report for 192.168.2.78
Host is up (0.044s latency).
Not shown: 999 closed ports
PORT STATE SERVICE
80/tcp open http
Nmap scan report for 192.168.2.80
Host is up (0.012s latency).
Not shown: 841 closed ports, 149 filtered ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
23/tcp open telnet
37/tcp open time
80/tcp open http
2000/tcp open cisco-sccp
5003/tcp open filemaker
5004/tcp open unknown
32769/tcp open unknown
32770/tcp open sometimes-rpc3
Nmap scan report for 192.168.2.84
Host is up (0.043s latency).
Not shown: 843 closed ports, 149 filtered ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
23/tcp open telnet
37/tcp open time
80/tcp open http
5003/tcp open filemaker
5004/tcp open unknown
32769/tcp open unknown
Nmap scan report for 192.168.2.89
Host is up (0.014s latency).
Not shown: 999 filtered ports
PORT STATE SERVICE
80/tcp open http
Nmap scan report for 192.168.2.90
Host is up (0.063s latency).
Not shown: 993 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
23/tcp open telnet
80/tcp open http
111/tcp open rpcbind
6000/tcp open X11
8088/tcp open unknown
...
ecco alcune risposte telnet :
$ telnet 192.168.2.80
Trying 192.168.2.80...
Connected to 192.168.2.80.
Escape character is '^]'.
Linux 2.6.10-mV01-00-54 (localhost.localdomain) (0)
dcm login:
e
$ telnet 192.168.2.90
Trying 192.168.2.90...
Connected to 192.168.2.90.
Escape character is '^]'.
Welcome to Appear TV Embedded Software Environment
dvbs2 login:
sembra un'apparecchiatura di rete, una TV digitale ecc. ma nessuno di questi è collegato al nostro router! Qualcuno ha idea di come potrebbe essere?
EDIT : in qualche modo nmap --traceroute
non funziona in questo caso, ma traceroute
restituisce alcuni risultati interessanti:
$ nmap --traceroute 192.168.2.90
Starting Nmap 5.21 ( http://nmap.org ) at 2012-07-07 14:48 CEST
Warning: Traceroute does not support idle or connect scan, disabling...
Nmap scan report for 192.168.2.90...
$ traceroute 192.168.2.69
traceroute to 192.168.2.69 (192.168.2.69), 30 hops max, 60 byte packets
1 RT-G32 (192.168.1.1) 1.240 ms 1.375 ms 1.589 ms
2 10.17.64.1 (10.17.64.1) 10.396 ms 10.400 ms 10.372 ms
3 192.168.100.13 (192.168.100.13) 14.912 ms 16.572 ms 16.487 ms
4 192.168.2.69 (192.168.2.69) 13.146 ms 13.127 ms 14.658 ms
$ traceroute 192.168.2.90
traceroute to 192.168.2.90 (192.168.2.90), 30 hops max, 60 byte packets
1 RT-G32 (192.168.1.1) 1.466 ms 1.418 ms 1.551 ms
2 10.17.64.1 (10.17.64.1) 11.025 ms 11.005 ms 10.975 ms
3 192.168.100.13 (192.168.100.13) 10.958 ms 15.729 ms 15.715 ms
4 192.168.2.90 (192.168.2.90) 15.640 ms 15.561 ms 15.532 ms
Sono perplesso su come ho un link su 10.17.64.1
?
Dove esattamente nella RFC1918 c'è un riferimento a questo problema?