Jump to content

nmap ?


HBomb
 Share

Recommended Posts

ok .. one of my neighbors was just on my wireless im sure of it .. i disabled it and my speeds returned..i live in rural area so i dont worry 2 much about the security of it.

the question is .. how do i use nmap to scan for the intruder... and i remember once i did a nmap scan that returned the compname or user-name of a computer .. and once i returned the comp names there were once on my network but not connected when i ran the scan... can u help me out .. ??? i have forgotten how to use it and would appreciate it if some one could give me the proper commands... using the zenmap gui thing.

Link to comment
Share on other sites

You can use nmap -sP 192.168.0.1/24 to do a simple ping sweep of the range 192.168.0.1 - 192.168.0.255.

But you may want to check out autoscan http://autoscan-network.com.

From the autoscan website:

AutoScan-Network is a network discovering and managing application. No configuration is required to scan your network. The main goal is to print the list of connected equipments in your network.
Link to comment
Share on other sites

why use nmap when you can just go into your routers settings and look at the dhcp table... if you dont want him on your network put a wpa2 password on it.

(

w00t! I second that, and if your really paranoid, do a mac address use only (where if the mac address doesnt match what's in the database, it does not connect) add that with turning off the ssid broadcast, and your pretty secure

Link to comment
Share on other sites

  • 2 weeks later...
why use nmap when you can just go into your routers settings and look at the dhcp table... if you dont want him on your network put a wpa2 password on it.

That's what I do - WPA2 + MAC Address whitelist. Works flawlessly for me.

Exactly what needs to be done. The DHCP Clients table will see what IPs are assigned from the router. WPA2 is still breakable so the whitelisted MAC address is way more secure.

Link to comment
Share on other sites

Just be sure they haven't set their own IP address, because if they do, they will not show up in the dhcp table at all. Its a bit frowned upon as a tool, but Cain can do a really good arp sweep of your subnet, and show all connected devices, without having to worry about command line switches in nmap. Thing about nmap is, not all mahcines respond to the pings if their firewall blocks the icmp requests, but all machines that get a ping and ignore it will still return an arp, so if any nmap scan returns no results, be sure to have an additional command line window open and run "arp -a" once you ping sweep the entire subnet.

You should then see all the connected devices mac addresses, as well as the routers. Be sure you know what mac is the router, because if you only see one mac, then its your router and you are the only one on the network.

Link to comment
Share on other sites

Here's a thought...you could approach him and ask if he has "accidentally" been using your wifi and if he has his own internet access, (you could say you need to know because your network caught a OMFG virus or some shit).

Reasoning?...maybe if has no net access of his own, he may like to contribute some cash for your monthly bill for some legitimate access...you could always QOS his connection anyway.

If he's an asshole about it, let him know that you'll be turning over your system logs over to the police, (even if you don't, he won't know that)

Adavantages with this approach...maybe you could make a new buddy and help subsidise your monthly outlay....worst case scenario, you've learned a little about security and had an opportunity to develope some social engineering skills.

Link to comment
Share on other sites

  • 1 month later...
ok .. one of my neighbors was just on my wireless im sure of it .. i disabled it and my speeds returned..i live in rural area so i dont worry 2 much about the security of it.

the question is .. how do i use nmap to scan for the intruder... and i remember once i did a nmap scan that returned the compname or user-name of a computer .. and once i returned the comp names there were once on my network but not connected when i ran the scan... can u help me out .. ??? i have forgotten how to use it and would appreciate it if some one could give me the proper commands... using the zenmap gui thing.

What's with you guys? The young Mitnick would be ashamed...

Have some fun with him. As long as he isn't doing anything illegal, or use a lot of bandwidth with torrents, keep him on the network.

Run Nmap,

find his IP,

MITM with ettercap.

Write a filter that swaps every image with "goatse.jpg" see how long he keeps using the network .

????

PROFIT!

Be creative, I thought having fun with guys like this was standard stuff. If he keeps using it, add more filters once a day, redirect him from google to klingon google.

I know this is a late reply, but C'MON! Hacking is about having fun!

-Jez

Link to comment
Share on other sites

What's with you guys? The young Mitnick would be ashamed...

Have some fun with him. As long as he isn't doing anything illegal, or use a lot of bandwidth with torrents, keep him on the network.

Run Nmap,

find his IP,

MITM with ettercap.

Write a filter that swaps every image with "goatse.jpg" see how long he keeps using the network .

????

PROFIT!

Be creative, I thought having fun with guys like this was standard stuff. If he keeps using it, add more filters once a day, redirect him from google to klingon google.

I know this is a late reply, but C'MON! Hacking is about having fun!

-Jez

As much as I agree that this is the best solution, I would just create a MAC whitelist, encrypt the network, and disable the SSID broadcast.

Link to comment
Share on other sites

Exactly what needs to be done. The DHCP Clients table will see what IPs are assigned from the router. WPA2 is still breakable so the whitelisted MAC address is way more secure.

You've got to be kidding. WPA2 while it is breakable it's hardly a trivial task. Sure you could create a rainbow table but that takes lots of time. You could use parallel processing to brute force the key but again, that still takes

MAC filters are about as good as cloaking the SSID. Both are easily circumvented and aren't very secure.

For cloaked SSID just passively monitor with Kismet within a minute you'll get the SSID

For MAC filters one only has to spoof the MAC of an already connected client.

Me, I leave my wifi wide-open. However,

wireless clients are isolated from the LAN on their own seperate physical network and they are also isolated from each other.

Wireless clients must also login to the portal using ssl, in order to gain access to the internet. I'm not concerned with encrypting the normal data streams.

I'll be implementing a Radius server once the snow starts falling.

Link to comment
Share on other sites

While I admit that it would be fun to toy around with said 'hacker' you have to admit there are not THAT many people around that know what we know. He lives in a rural area, so most probably either that person connected by accident, OR they just let themselves in.

I would just cloak/whitelist and be done with it. No fuss, and no mess. If your that paranoid, and you have a WRT54g (or better), just go get DD-WRT, make 2 Vlans for it, set the mac addresses, and on the second Vlan, make it loop to nowhere. To top it all off, you could just make it to where only a certain amount of people can be on at one time, so even if they tried to connect it just would not.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...