
I want to scan the ports of my neighbor's computer. I know the global IP address. However I can scan only the router, not the computer in the network. Is it possible to scan a computer in a different network just by knowing the router IP?

  • Well, if I'm in wifi range of said network (you said it was a neighbour), I would probably use social engineering to get the wifi key for said network and then I'd have access via wifi. As I heard it said before, amateurs attack a machine, professionals attack the human. – ewanm89 Jun 17 '16 at 18:31
  • I think I misled by saying neighbor. I would like to learn to scan when I am outside of the network. – ccca Jun 17 '16 at 18:34
  • Well, generally you would need to penetrate the router itself to get through the NAT. – ewanm89 Jun 17 '16 at 18:35
  • It is possible, but you would need to be able to exploit the router/firewall that is NAT'ing the connection on his end. Alternatively, you could scan his external IP and try every possible exploit against any open ports you find in the hopes of being able to get into the network. After you are inside, it will make exploiting a given machine/service much easier since you no longer have to contend with everything being NAT'ed. I should mention that most routers will block all incoming traffic unless the user specifies a given service or port be accessible to the internet. – Richie086 Jun 17 '16 at 20:41

1 Answer

Your neighbour's router is acting as a firewall¹

This is actually a side effect of NAT: the router is blocking the connections from the outside to the intranet.² In order to interact with a computer in the intranet from the outside,³ the appropriate port needs to have been opened in the router to that computer. And you will only be able to interact through that port.⁴

Given your description, the internal network is not accessible from the outside, so there's no forwarding of packets from the internet onto it.

Thus, the only way to scan a computer in the internal network would be to jump into a host directly connected to the internal network. This could be either the router itself or any computer on the intranet that is accessible from the external network. And it could be either an unintended access (like exploiting a vulnerability on one of those computers) or an allowed one (like publishing an SSH server or VPN endpoint).

¹ Albeit a very basic one
² There are loads of vulnerable systems not exploitable because of this. If the network is changed to implement IPv6, they may become exposed though.
³ I am exclusively taking into account remote-initiated connections, not e.g. the interaction with an internal browser of the requested web server. Nonetheless, having an internal user connect to you (be that opening a website that runs a browser exploit to directly tricking the user to run a remote shell) is a potential concern.
⁴ There are some cases where more ports may be dynamically opened, like with routers that inspect FTP.

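To make the answer's point concrete, here is an added model (not code from the original post or from any router vendor) of how a stateful NAT router decides what to do with a packet arriving on its WAN side: replies to connections a LAN host opened are delivered, a port the owner explicitly forwarded reaches exactly one internal host, and every other unsolicited packet has no LAN destination and is dropped. All addresses and ports are constructed sample values, and the port-restricted behaviour (a translated port only accepts packets from the peer it was opened to) is an assumption about the modelled router.

```python
from dataclasses import dataclass, field


@dataclass
class NatRouter:
    """Minimal model of a NAT router's inbound decision (added illustration)."""
    wan_ip: str
    # Static port forwards set by the owner: (proto, wan_port) -> (lan_ip, lan_port)
    forwards: dict = field(default_factory=dict)
    # Connection table for LAN-initiated flows:
    # (proto, peer_ip, peer_port, wan_port) -> (lan_ip, lan_port)
    conntrack: dict = field(default_factory=dict)
    _next_port: int = 40000  # first translated source port handed out

    def outbound(self, proto, lan_ip, lan_port, peer_ip, peer_port):
        """A LAN host opens a connection; the router records the translation
        and returns the source port the internet peer will see."""
        wan_port = self._next_port
        self._next_port += 1
        self.conntrack[(proto, peer_ip, peer_port, wan_port)] = (lan_ip, lan_port)
        return wan_port

    def inbound(self, proto, src_ip, src_port, dst_port):
        """Decide the fate of a packet arriving on the WAN interface.
        Returns (lan_ip, lan_port) if delivered, or None if dropped."""
        # 1. Reply to a connection a LAN host initiated (established/related state).
        hit = self.conntrack.get((proto, src_ip, src_port, dst_port))
        if hit:
            return hit
        # 2. Port explicitly forwarded by the owner: reaches only that one host.
        hit = self.forwards.get((proto, dst_port))
        if hit:
            return hit
        # 3. Anything else is unsolicited and has no LAN destination: dropped.
        return None


def demo():
    """Constructed scenario: one forwarded SSH port, one outbound HTTPS flow."""
    r = NatRouter("203.0.113.7", forwards={("tcp", 22): ("192.168.1.10", 22)})
    p = r.outbound("tcp", "192.168.1.20", 51000, "198.51.100.5", 443)
    return {
        "reply": r.inbound("tcp", "198.51.100.5", 443, p),         # delivered
        "scan_445": r.inbound("tcp", "198.51.100.99", 4444, 445),  # dropped
        "scan_22": r.inbound("tcp", "198.51.100.99", 4444, 22),    # only .10
        "spoofed_reply": r.inbound("tcp", "198.51.100.99", 443, p),  # dropped
    }
```

Note that no inbound packet can ever reach 192.168.1.20's port 22 in this model, which is the "you will only be able to interact through that port" point from the answer.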