
Suspicious IP addresses

UmQui

Hi everyone! I'm using Telekom's ADSL. In the settings, its DHCP assigns addresses from the 192.168.1.1/24 range. Out of curiosity I let nmap scan 192.168.0.1/16, and the following few addresses showed up:

Nmap scan report for 192.168.3.9
Host is up (0.0074s latency).
Not shown: 49170 closed ports, 16364 filtered ports
PORT STATE SERVICE VERSION
23/tcp open tcpwrapped

Nmap scan report for 192.168.3.10
Host is up (0.0086s latency).
Not shown: 49518 closed ports, 16016 filtered ports
PORT STATE SERVICE VERSION
23/tcp open tcpwrapped

Nmap scan report for 192.168.3.11
Host is up (0.0076s latency).
Not shown: 49828 closed ports, 15706 filtered ports
PORT STATE SERVICE VERSION
23/tcp open tcpwrapped

Nmap scan report for 192.168.3.12
Host is up (0.0073s latency).
Not shown: 50502 closed ports, 15032 filtered ports
PORT STATE SERVICE VERSION
23/tcp open tcpwrapped

Nmap scan report for 192.168.3.13
Host is up (0.0082s latency).
Not shown: 51862 closed ports, 13672 filtered ports
PORT STATE SERVICE VERSION
23/tcp open tcpwrapped

Nmap scan report for 192.168.3.14
Host is up (0.0074s latency).
Not shown: 54442 closed ports, 11092 filtered ports
PORT STATE SERVICE VERSION
23/tcp open tcpwrapped

Nmap scan report for 192.168.17.1
Host is up (0.013s latency).
All 65535 scanned ports on 192.168.17.1 are closed (65446) or filtered (89)

Nmap scan report for 192.168.100.1
Host is up (0.012s latency).
All 65535 scanned ports on 192.168.100.1 are closed (65463) or filtered (72)

Nmap scan report for 192.168.100.102
Host is up (0.019s latency).
All 65535 scanned ports on 192.168.100.102 are closed (65484) or filtered (51)

Does anyone have an idea what this is about?
 
Try scanning one of those discovered IP addresses with the -O argument so that it shows you a bit more information, for example what the MAC address is and possibly which software is involved. Then compare the MAC addresses; maybe all those IP addresses are assigned to a single device.

Code:
nmap -O 192.168.1.100

MAC Address: aa:bb:cc:dd:ee:ff (vendor)
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:linux_kernel:2.6
OS details: Linux 2.6.17 - 2.6.36
Network Distance: 1 hop

OS detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 2.22 seconds
 
It doesn't show a MAC address anywhere. The results are mostly similar; in some places 23/tcp is open, in others it is filtered. And the number of hops to the addresses is not the same everywhere.

Starting Nmap 7.01 ( https://nmap.org ) at 2017-10-19 19:16 CEST
Nmap scan report for 192.168.3.9
Host is up (0.010s latency).
Not shown: 991 closed ports
PORT STATE SERVICE
22/tcp filtered ssh
23/tcp open telnet
25/tcp filtered smtp
113/tcp filtered ident
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
515/tcp filtered printer
1025/tcp filtered NFS-or-IIS
6129/tcp filtered unknown
Aggressive OS guesses: 3Com 5500-EI switch (93%), HP ProLiant BL p-Class C-Gbe2 switch (93%), Motorola 2210-02 ADSL modem (93%), Netopia 3366 ADSL router (93%), Netopia 3386 ADSL router (93%), Teltronics NET-PATH intrusion detection system (93%), ZyXEL ZyWALL 5 firewall (ZyNOS 4.04) (93%), Kyocera EP 470DN printer (92%), Cisco Catalyst 1900 Switch, Software v9.00.03 (92%), Cisco 2600 router (IOS 11.3) (92%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 6 hops

Nmap scan report for 192.168.3.10
Host is up (0.010s latency).
Not shown: 991 closed ports
PORT STATE SERVICE
22/tcp filtered ssh
23/tcp open telnet
25/tcp filtered smtp
113/tcp filtered ident
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
515/tcp filtered printer
1025/tcp filtered NFS-or-IIS
6129/tcp filtered unknown
Aggressive OS guesses: Efficient Networks SpeedStream 4100 ADSL router (97%), Adtran NetVanta 1224R or 3430 router (94%), Adtran Total Access 904 router (91%), Cisco IP Phone 7961G (91%), Linksys BEFSR41 EtherFast router (91%), Cisco IP Phone 7942G (90%), Cisco IP Phone 7941 (90%), 3Com 5500-EI switch (89%), HP ProCurve Secure Router 7102dl (89%), HP ProLiant BL p-Class C-Gbe2 switch (89%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 6 hops

Nmap scan report for 192.168.3.11
Host is up (0.011s latency).
Not shown: 991 closed ports
PORT STATE SERVICE
22/tcp filtered ssh
23/tcp open telnet
25/tcp filtered smtp
113/tcp filtered ident
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
515/tcp filtered printer
1025/tcp filtered NFS-or-IIS
6129/tcp filtered unknown
Aggressive OS guesses: Efficient Networks SpeedStream 4100 ADSL router (97%), Adtran NetVanta 1224R or 3430 router (94%), Adtran Total Access 904 router (91%), Cisco IP Phone 7961G (91%), Linksys BEFSR41 EtherFast router (91%), Cisco IP Phone 7942G (90%), Cisco IP Phone 7941 (90%), 3Com 5500-EI switch (89%), HP ProCurve Secure Router 7102dl (89%), HP ProLiant BL p-Class C-Gbe2 switch (89%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 6 hops

Nmap scan report for 192.168.3.12
Host is up (0.011s latency).
Not shown: 991 closed ports
PORT STATE SERVICE
22/tcp filtered ssh
23/tcp open telnet
25/tcp filtered smtp
113/tcp filtered ident
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
515/tcp filtered printer
1025/tcp filtered NFS-or-IIS
6129/tcp filtered unknown
Aggressive OS guesses: Efficient Networks SpeedStream 4100 ADSL router (97%), Adtran NetVanta 1224R or 3430 router (94%), Adtran Total Access 904 router (91%), Cisco IP Phone 7961G (91%), Linksys BEFSR41 EtherFast router (91%), Cisco IP Phone 7942G (90%), Cisco IP Phone 7941 (90%), 3Com 5500-EI switch (89%), HP ProCurve Secure Router 7102dl (89%), HP ProLiant BL p-Class C-Gbe2 switch (89%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 6 hops

Nmap scan report for 192.168.3.13
Host is up (0.011s latency).
Not shown: 991 closed ports
PORT STATE SERVICE
22/tcp filtered ssh
23/tcp open telnet
25/tcp filtered smtp
113/tcp filtered ident
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
515/tcp filtered printer
1025/tcp filtered NFS-or-IIS
6129/tcp filtered unknown
Aggressive OS guesses: Efficient Networks SpeedStream 4100 ADSL router (97%), Adtran NetVanta 1224R or 3430 router (94%), Adtran Total Access 904 router (91%), Cisco IP Phone 7961G (91%), Linksys BEFSR41 EtherFast router (91%), Cisco IP Phone 7942G (90%), Cisco IP Phone 7941 (90%), 3Com 5500-EI switch (89%), HP ProCurve Secure Router 7102dl (89%), HP ProLiant BL p-Class C-Gbe2 switch (89%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 6 hops

Nmap scan report for 192.168.3.14
Host is up (0.0076s latency).
Not shown: 991 closed ports
PORT STATE SERVICE
22/tcp filtered ssh
23/tcp open telnet
25/tcp filtered smtp
113/tcp filtered ident
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
515/tcp filtered printer
1025/tcp filtered NFS-or-IIS
6129/tcp filtered unknown
Aggressive OS guesses: 3Com 5500-EI switch (93%), HP ProLiant BL p-Class C-Gbe2 switch (93%), Motorola 2210-02 ADSL modem (93%), Netopia 3366 ADSL router (93%), Netopia 3386 ADSL router (93%), Teltronics NET-PATH intrusion detection system (93%), ZyXEL ZyWALL 5 firewall (ZyNOS 4.04) (93%), Cisco Catalyst 1900 Switch, Software v9.00.03 (92%), Cisco 2600 router (IOS 11.3) (92%), Cisco 2811 router (IOS 12.X) (92%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 6 hops

Nmap scan report for 192.168.17.1
Host is up (0.0086s latency).
Not shown: 993 closed ports
PORT STATE SERVICE
25/tcp filtered smtp
113/tcp filtered ident
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
515/tcp filtered printer
1025/tcp filtered NFS-or-IIS
6129/tcp filtered unknown
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Aggressive OS guesses: Cisco Nexus 7010 switch (NX-OS 5) (90%), Cisco Nexus 7010 switch (NX-OS 5.1(2)) (90%), Cisco Nexus switch (NX-OS 5.1(3)) (90%), FreeBSD 8.0-RC1-p1 (88%), GlobespanVirata GS8100, Huawei MT880, or Solwise SAR 100 ADSL modem (88%), HP iLO 2 remote management interface (88%), Efficient Networks SpeedStream 4100 ADSL router (87%), Microsoft Xbox 360 Dashboard (86%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 9 hops

Nmap scan report for 192.168.100.1
Host is up (0.015s latency).
Not shown: 991 closed ports
PORT STATE SERVICE
22/tcp filtered ssh
23/tcp filtered telnet
25/tcp filtered smtp
113/tcp filtered ident
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
515/tcp filtered printer
1025/tcp filtered NFS-or-IIS
6129/tcp filtered unknown
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Aggressive OS guesses: Efficient Networks SpeedStream 4100 ADSL router (97%), 3Com 5500-EI switch (91%), 3Com SuperStack 3 Switch 4500 (91%), Adtran NetVanta 1224R or 3430 router (91%), Adtran Total Access 904 router (91%), HP ProLiant BL p-Class C-Gbe2 switch (91%), Motorola 2210-02 ADSL modem (91%), Netopia 3366 ADSL router (91%), Netopia 3386 ADSL router (91%), Teltronics NET-PATH intrusion detection system (91%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 8 hops

Nmap scan report for 192.168.100.102
Host is up (0.016s latency).
Not shown: 991 closed ports
PORT STATE SERVICE
22/tcp filtered ssh
23/tcp filtered telnet
25/tcp filtered smtp
113/tcp filtered ident
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
515/tcp filtered printer
1025/tcp filtered NFS-or-IIS
6129/tcp filtered unknown
Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Aggressive OS guesses: Efficient Networks SpeedStream 4100 ADSL router (97%), 3Com 5500-EI switch (91%), 3Com SuperStack 3 Switch 4500 (91%), Adtran NetVanta 1224R or 3430 router (91%), Adtran Total Access 904 router (91%), HP ProLiant BL p-Class C-Gbe2 switch (91%), Motorola 2210-02 ADSL modem (91%), Netopia 3366 ADSL router (91%), Netopia 3386 ADSL router (91%), Teltronics NET-PATH intrusion detection system (91%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 8 hops

OS detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 9 IP addresses (9 hosts up) scanned in 345.20 seconds
 
For the MAC address to show up when you scan, say, 192.168.3.0/24, manually set the same subnet on the computer you are scanning from.
 
I worked with networks a long time ago, so please help me out. subnet-calculator for 192.168.3.1 says that the subnet mask (if that is what I need to set?) is also 255.255.255.0. Or do you mean I should manually set my computer to, say, 192.168.3.2? I don't know exactly what I need to do.
 
If you scan 192.168.0.0/16, and the network interface on your computer is set to, say, 192.168.0.2/24, then the traffic goes through the default gateway 192.168.0.1/24, which somehow finds those host addresses from your scan list.

If you set, say, 192.168.0.2/16 (255.255.0.0) on the local network interface and repeat the scan, and you still see the 192.168.3.0 address, then that host is on the same switch as your computer and you also get its MAC address. But if that host is 192.168.3.0/24 then you won't get a reply, so you too have to set 192.168.3.2/24.

One guess is that these 192.168.17.0 addresses are related to a virtual network for VMWARE and the like, if you have something like that installed on your computer, and 192.168.100.0 could be some address on your ADSL router.
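An added example, not part of the original post: it takes the "Network Distance" values from the scan output quoted in the thread and shows, for a /24 and a /16 mask on the scanning machine, which hosts would be reached by ARP (MAC visible) and which go through the gateway. The scanner address 192.168.1.50 and the names `parse_hops` and `assess` are assumptions made for illustration; a hop count above 1 is taken to mean the host is not on the local segment.

```python
import ipaddress
import re

# Constructed sample, trimmed from the scan output quoted in the thread.
SAMPLE = """\
Nmap scan report for 192.168.3.9
23/tcp open telnet
Network Distance: 6 hops

Nmap scan report for 192.168.17.1
Network Distance: 9 hops

Nmap scan report for 192.168.100.1
Network Distance: 8 hops
"""
HOST_RE = re.compile(r"^Nmap scan report for (?:\S+ \()?(\d+(?:\.\d+){3})\)?$")
HOPS_RE = re.compile(r"^Network Distance: (\d+) hops?$")

def parse_hops(report):
    """Return {ip: hop count or None} from plain-text nmap output."""
    hosts, current = {}, None
    for line in map(str.strip, report.splitlines()):
        if m := HOST_RE.match(line):
            current = m.group(1)
            hosts[current] = None
        elif current and (m := HOPS_RE.match(line)):
            hosts[current] = int(m.group(1))
    return hosts

def assess(local_iface, report):
    """Classify each scanned host against the scanner's address/mask."""
    net = ipaddress.ip_interface(local_iface).network
    result = {}
    for ip, hops in parse_hops(report).items():
        on_link = ipaddress.ip_address(ip) in net
        if not on_link:
            verdict = "routed via default gateway, nmap cannot see a MAC"
        elif hops is not None and hops > 1:
            verdict = "mask makes it on-link, but it is routed: ARP gets no reply"
        else:
            verdict = "on-link: resolved by ARP, MAC is reported"
        result[ip] = (on_link, hops, verdict)
    return result

if __name__ == "__main__":
    # 192.168.1.50 is an assumed scanner address inside the thread's DHCP range.
    for mask in ("/24", "/16"):
        for ip, row in assess("192.168.1.50" + mask, SAMPLE).items():
            print(mask, ip, row)
```

With the /16 mask every host in the sample falls inside the local network, yet all are 6 to 9 hops away, so widening the mask alone would make them unreachable rather than reveal a MAC address.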
 
I had better describe the whole situation.

The network looks like this: ADSL router 192.168.1.1/24, with one computer and several wireless devices on it, followed by a switch with two computers. I do have some virtual machines; whether they were running at the time of the scan, I don't know.

However, I will have to put this off until 6.11 and then continue the thread; I have an exam. Thank you immensely for the help!

Interesting, I have now tried to ping each one, and none of them is reachable...
 
Ping does not have to be the yardstick; ICMP packets may be blocked.
 