6

I have been searching on the internet for some time but can't really find an answer to my question:

Is it possible (common) to scan or hack a network device (such as a router or computer) without being connected to that network?

For example, can I use tools such as Nmap, Metasploit, or Nessus to scan a MAC address for vulnerabilities or open ports?
Can I take that further and remotely compromise a system without a connection to it?

I know there are tools such as Aircrack, but that uses network cards with promiscuous mode enabled.

I'm assuming the answer is no because there are security measures in place that would probably block any sort of connection outside authentication.

nyedidikeke
Gavin Youker

2 Answers

3

In addition to the existing response:
You can mount indirect attacks where you use another device which has access to both the (external) attacker and to the internal target device. A common available device is a normal computer where the user surfs the internet with a web browser. Since the web browser has access to both the internal and external network it can be used as a trampoline for the attacker. To just give some examples of possible attacks which could be delivered for example within a displayed advertisement:

  • Scan the internal network, i.e. find out which hosts exist and even which ports might be open. Sending HTTP requests to internal hosts can be done for example by embedding images like <img src=//internal-host:1234/>, and with some JavaScript it can be determined whether the request timed out (host does not exist or packets get dropped) or not (host exists). With some more logic one can even find out which browser-controlled devices are available on the network by trying to access device-specific URLs.
  • Using CSRF or similar attacks it might even be possible to take over these systems, i.e. change the DNS settings of routers so that the attacker can MITM any outgoing traffic from the network, or even modify the firmware of printers. None of these attacks needs the devices to be accessible from outside. These are not only theoretical attacks but are actually done at a large scale.
Steffen Ullrich
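A server-side check of the kind that defeats the CSRF half of these indirect attacks, written here as an added example (not code from the answer or from any router firmware): it rejects admin-UI requests that a foreign page triggered through the user's browser, using the Sec-Fetch-Site, Origin and Referer headers. The trusted hostnames and the request samples in the comments are assumed, constructed values.

```python
from urllib.parse import urlsplit

# Hostnames/addresses the device's admin UI is legitimately reached under (assumed values).
TRUSTED_HOSTS = {"192.168.1.1", "router.local"}
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}


def _source_host(url: str):
    """Hostname part of an Origin/Referer value, or None if it cannot be parsed."""
    try:
        return urlsplit(url).hostname   # "null" and garbage parse to hostname None
    except ValueError:
        return None


def is_cross_site(method: str, headers: dict, trusted_hosts=TRUSTED_HOSTS):
    """Decide whether a request to the admin UI was initiated by a foreign page.

    Returns (reject, reason). Checks, in order of reliability:
      1. Sec-Fetch-Site, set by current browsers and not forgeable from page script;
      2. Origin, sent on POSTs and on cross-origin requests;
      3. Referer, as a fallback for older clients.
    A state-changing request carrying none of them is rejected, since a
    legitimate same-origin form submission always sends at least Origin.
    """
    h = {k.lower(): v for k, v in headers.items()}
    method = method.upper()

    site = h.get("sec-fetch-site")
    if site is not None:
        if site in ("same-origin", "none"):   # "none" = typed URL or bookmark
            return False, f"sec-fetch-site={site}"
        # "cross-site" (e.g. an ad on an internet page) and, conservatively, "same-site"
        return True, f"sec-fetch-site={site}"

    for name in ("origin", "referer"):
        value = h.get(name)
        if value is None:
            continue
        host = _source_host(value)
        if host in trusted_hosts:
            return False, f"{name} host {host} trusted"
        return True, f"{name} host {host!r} not trusted"

    if method in STATE_CHANGING:
        return True, "state-changing request without origin/referer"
    return False, "safe method without origin information"
```

Rejecting the request does not close the timing channel described in the first bullet, because the browser still observes whether the connection to the host succeeded at all; that part needs network-level or browser-level controls rather than an application check.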
1

Is it possible (common) to scan or hack a network device (such as a router or computer) without being connected to that network?

Yes. But it depends on whether there are any open services accessible from the internet.

You can scan the IP of the router using Nmap and see if any services are open and try and exploit them one by one. You can also try to identify the OS and its version and try to use that exploit vector.

Of course a DoS/DDoS will probably work if this is something you are interested in.

Some routers will block all kinds of port scans and other attack methods but they would never block outside traffic since their job is to connect the internal network to the external network (the internet).

Bubble Hacker
  • Thanks for the response. How does one scan the router using the IP address of the router like you say? I guess I'm asking, are you referring to the public or private IP address? – Gavin Youker Nov 27 '16 at 06:30
  • Public IP. The "private" IP is used for internal communication while the "public" is used for external communication which is the case here. – Bubble Hacker Nov 27 '16 at 06:53