Scan for hosts in a LAN from outside of the LAN given its public IP (i.e. IP of the router)

2

Is there any possible way to scan for hosts behind a router by knowing the router's IP address and the network address of the LAN?

I don't mean port scanning of hosts behind a router, where NATs and port-forwarding things kick in.

I just mean which hosts are available in LAN behind a router.

Thanks.

PS: I tried reverse-DNS querying a router (not my router) for all possible IP addresses of the LAN (since I know its network address). Although it works, it always shows hostnames for IPs no matter if the host is up or not.

Kaleem Ullah

Posted 2016-11-22T20:29:05.540

Reputation: 61

In a correctly configured gateway scenario, what you ask for is impossible on purpose. You would probably need to compromise the router, or deploy a RAS kit on a host within the LAN. Absent one of these methods, you have little hope of enumerating the hosts on the LAN directly. – Frank Thomas – 2016-11-22T21:27:40.683

When I reverse DNS query a private IP address using the gateway IP as DNS server, it replies back to me with a hostname if that IP is up in the LAN. Is this something a gateway shouldn't do? – Kaleem Ullah – 2016-11-22T21:32:25.303

I would argue that your router's DNS server is mis-configured if it is resolving queries for clients outside the LAN, yes. I would certainly never allow people outside my LAN to access my DNS server, but stateful firewalling with UDP is difficult, so you should probably lock down your firewall to allow udp\53 traffic only from known DNS servers you forward to from the inside, so that their responses come in, but no one can see your DNS server. – Frank Thomas – 2016-11-22T21:38:00.137
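One way to detect the misconfiguration discussed in the comments above, added here as an example and not code from any of the posters: it reads resolver query logs and reports reverse lookups of private addresses that arrive from clients outside the LAN. It assumes the gateway's resolver is dnsmasq with `log-queries` enabled and a LAN of 192.168.1.0/24; the log lines and addresses are constructed.

```python
import ipaddress
import re
from collections import defaultdict

# Assumption: the gateway runs dnsmasq with log-queries, which logs
# lines of the form "query[PTR] <name> from <client>".
LOG_RE = re.compile(r"query\[PTR\] (\S+)\.in-addr\.arpa from (\S+)")
LAN = ipaddress.ip_network("192.168.1.0/24")  # assumed LAN network

# Constructed sample log (external clients use documentation addresses).
SAMPLE_LOG = """\
Nov 22 21:30:01 dnsmasq[812]: query[PTR] 10.1.168.192.in-addr.arpa from 192.168.1.23
Nov 22 21:30:04 dnsmasq[812]: query[PTR] 1.1.168.192.in-addr.arpa from 203.0.113.7
Nov 22 21:30:04 dnsmasq[812]: query[PTR] 2.1.168.192.in-addr.arpa from 203.0.113.7
Nov 22 21:30:05 dnsmasq[812]: query[PTR] 3.1.168.192.in-addr.arpa from 203.0.113.7
Nov 22 21:30:06 dnsmasq[812]: query[A] example.com from 192.168.1.23
Nov 22 21:30:09 dnsmasq[812]: query[PTR] 8.8.8.8.in-addr.arpa from 198.51.100.9
"""

def ptr_target(reversed_octets):
    """Turn '10.1.168.192' (from the PTR name) into IPv4Address 192.168.1.10."""
    parts = reversed_octets.split(".")
    if len(parts) != 4:
        return None  # partial or malformed reverse name
    try:
        return ipaddress.ip_address(".".join(reversed(parts)))
    except ValueError:
        return None

def external_private_ptr_queries(log_text, lan=LAN):
    """Map each non-LAN client to the private addresses it requested PTR records for."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue
        target = ptr_target(m.group(1))
        try:
            client = ipaddress.ip_address(m.group(2))
        except ValueError:
            continue
        # Ignore LAN clients and lookups of public addresses.
        if target is None or client in lan or not target.is_private:
            continue
        hits[str(client)].add(str(target))
    return {c: sorted(t, key=ipaddress.ip_address) for c, t in hits.items()}

if __name__ == "__main__":
    for client, targets in external_private_ptr_queries(SAMPLE_LOG).items():
        print(f"{client} requested {len(targets)} private PTR records: {targets}")
```

Any client reported here reached the resolver from the WAN side, which means the udp\53 filtering described in the comment above is not in place.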

Answers

1

You can't. And it's a fundamental side effect of how NAT and IP masquerading work.

Unless you explicitly tell your router (which in the case of a consumer unit, is really a firewall handling NAT and masquerading as well as a switch and a router) to divert traffic at a certain port to a certain client. So unless you're behind the LAN, it's going to be pretty tricky finding out what's behind it; unless you're sniffing all the traffic out of the router and using information from there, it ought to be impossible to tell how many, or what PCs there are.

While there are ways around this, all of them involve being inside the network.

Journeyman Geek

Posted 2016-11-22T20:29:05.540

Reputation: 119 122

-1

I don't think so without using nefarious methods, I would also question the reasons for wanting to do so...

(this assumes you have no access to the LAN)

unknownSPY

Posted 2016-11-22T20:29:05.540

Reputation: 296