
Let's say that I'm connected to a network where the ISP has set up a dst-nat from an IP they don't control to an IP that they control, like so:

1- Their DNS server resolves example.xyz to 1.1.1.1 (the ISP doesn't own/control this IP)

2- The ISP hosts a site at x.x.x.x, which the ISP controls and may be part of their network.

3- The ISP has a dst-nat firewall rule so that if you connect to example.xyz (i.e. 1.1.1.1) it actually connects to x.x.x.x and displays the site hosted by the ISP.

If you run a whois test on 1.1.1.1 you'll get real data for the faked/spoofed IP.

I don't know the real IP (x.x.x.x) and don't know where it leads.

How can I gather more information about the real server that hosts the site? Is it possible to investigate an IP that's behind a dst-nat? If it's not possible to get the real IP, then can I at least get the distance between my location (my IP) and the location of the server (x.x.x.x)?

Regards

  • Not unless you can gain access to the server to get it to give you the info. If the traffic is going through `1.1.1.1`, then that's what you get. And any distance you determine will be to the NAT, not what's behind the NAT. – schroeder Mar 31 '20 at 22:00
  • How can they set up dst-nat from an address they *don't* control? You mean it's your access provider and they have installed it on your uplink router, say? – Hagen von Eitzen Apr 01 '20 at 06:06
  • @HagenvonEitzen Well, you can; it's easy really, I've accomplished it before using a MikroTik router. Let's just say that the ISP is streaming pirated content on that site, and to avoid legal problems they have set up a dst-nat to spoof a random IP from a distant country. And that's what I'm trying to investigate. – MOHAMMAD RASIM Apr 02 '20 at 21:14

0 Answers