Popshot Posted October 30, 2016 Share Posted October 30, 2016 Hello everyone, I just tried a nmap Scan with a x.x.x.* at the end to perfom a scan. The Result was more then 100 Hosts which seem to be up even some with a bitcoin service and the relating port open. So my question is what does this mean? Kind Regards, Pop Quote Link to comment Share on other sites More sharing options...
digininja Posted October 30, 2016 Share Posted October 30, 2016 It means something responded to probes on those IPs. Without any more information that is about the best anyone can say. If you want a better answer you'll need to tell us things like: Is it an internal or external scan Are the hosts you scanned up or down - do you know for sure Are the services really running on those machines - if they are ones you own then you can check them from the machine themselves Quote Link to comment Share on other sites More sharing options...
Popshot Posted October 30, 2016 Author Share Posted October 30, 2016 (edited) Hey digininja, I did a internal scan. This is the long list, there are around 15 which I know from my network, the other ones I dont. ... Edited October 31, 2016 by digininja Trimmed nmap results at users request Quote Link to comment Share on other sites More sharing options...
digininja Posted October 30, 2016 Share Posted October 30, 2016 Is 192.168.178.0/24 your internal network? Do you share it with anyone else? Quote Link to comment Share on other sites More sharing options...
Popshot Posted October 30, 2016 Author Share Posted October 30, 2016 Its my internal network yes. I share with with some 2 other people. Quote Link to comment Share on other sites More sharing options...
digininja Posted October 30, 2016 Share Posted October 30, 2016 If you want to know what things are, turn all the devices off then scan again, slowly turn things on again and you'll see what things are what. Once you've identified everything you can then work out what the open ports are. Quote Link to comment Share on other sites More sharing options...
Popshot Posted October 30, 2016 Author Share Posted October 30, 2016 thank you, thats a good approach. Kind Regards Quote Link to comment Share on other sites More sharing options...
digip Posted October 30, 2016 Share Posted October 30, 2016 (edited) Is this a home network? If so, thats a lot of machines, unless this were a business or one of you has some virtual machines bridged directly to the network. I gather there would be many more for a business, but if only you and 2 others use the network, you might want to inventory all of your physical equipment and their MAC addresses, then do another nmap scan to match known machines. A ping sweep and arp -a display will get you all the IP to mac addresses as well. You might find more there with an arp scan, than show on a normal nmap scan alone if they ignored the scan, depending on what you scanned with and what replies to ARP. Would also say, if you use wifi, make sure all of the routers in use are locked down, and no one has bridged their wireless network to piggyback off of yours. If you find that most of these machines are NOT yours, that would be troubling. If only wired, then I'd say dig some more after matching all physical nodes to corresponding hardware ID's and IP addresses and then track down the other machines or blacklist their MAC addresses on the network till someone complains their machine is down. Just another thought, if you can't find the machines, check who has what iOT devices on the network, such as security cameras, thermostats, etc. Don't want to become part of the iOT botnet thats taking down half the internets....lol Edited October 30, 2016 by digip Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.