Find the answer to your Linux question:
Results 1 to 6 of 6
Hi, I take care of a small network, about 130 systems behind a NAT box. This is one of 2 networks at this school. It is of constant concern about ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined! Kumado's Avatar
    Join Date
    Jul 2006
    Posts
    86

    machine on my broadcast ip


    Hi,

    I take care of a small network, about 130 systems behind a NAT box. This is one
    of 2 networks at this school. It is of constant concern about interference from the other
    network individual.
    2 of my main feeds go through their network. I am "not allowed" access or control of these feeds.

    For a little while I have had strange effects in the network and then while doing a full nmap, I
    discover a system on my broadcast IP. ( x.y.z.255 ) The OS is not identified. It says :

    nmap -sS -O x.y.z.255

    Starting nmap 3.81 ( Nmap - Free Security Scanner For Network Exploration & Security Audits. ) at 2009-06-09 16:39 EDT
    Host x.y.z.255 seems to be a subnet broadcast address (returned 10 extra pings). Still scanning it due to ping response from its own IP.
    Interesting ports on x.y.z.255:
    (The 1660 ports scanned but not shown below are in state: closed)
    PORT STATE SERVICE
    23/tcp open telnet
    80/tcp open http
    443/tcp open https
    MAC Address: 00:14:BF:5F:A9:29 (Unknown)
    No exact OS matches for host (If you know what OS is running on it, see Nmap Fingerprint Submitter 2.0).
    TCP/IP fingerprint:
    SInfo(V=3.81%P=i586-suse-linux%D=6/9%Tm=4A2EC8A7%O=23%C=1%M=0014BF)
    TSeq(Class=TR%IPID=RD%TS=U)
    T1(Resp=Y%DF=N%W=200%ACK=S++%Flags=AS%Ops=)
    T1(Resp=Y%DF=N%W=200%ACK=O%Flags=AS%Ops=)
    T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR%Ops=)
    T3(Resp=Y%DF=N%W=200%ACK=S++%Flags=AS%Ops=)
    T3(Resp=Y%DF=N%W=200%ACK=O%Flags=AS%Ops=)
    T4(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
    T5(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
    T6(Resp=Y%DF=N%W=0%ACK=O%Flags=R%Ops=)
    T7(Resp=Y%DF=N%W=0%ACK=S++%Flags=AR%Ops=)
    PU(Resp=N)



    Nmap finished: 1 IP address (1 host up) scanned in 25.401 seconds

    I can't telnet or connect by browser because " Network is unreachable "

    Is there any methods or tests to find out more about this machine?

    Thanks

    kumado

  2. #2
    Linux Engineer b2bwild's Avatar
    Join Date
    Jul 2008
    Location
    Behind You!
    Posts
    1,108
    If you can manually ping the broadcast address, then the network should not be unreachable.

    Well thats not possible with 32bit IPv4 addressing.
    X_X Very strange.
    Never make any misteaks.

    Read my Blog at --> Penguin Inside Subscribe Feed

  3. #3
    Linux Guru
    Join Date
    Nov 2007
    Posts
    1,763
    If you want to change your local system so that this is "just another node IP", then change your subnet mask.

    Existing config:

    192.168.156.0/24

    Problem IP = 192.168.156.255

    Change your local NIC to:

    192.168.156.0/23 (Subnet mask changes from 255.255.255.0 to 255.255.254.0)

    Now 192.168.156.255 is not a broadcast address and you can telnet/SSH to it.

    * If there are machines on another VLAN using 192.168.157.X addresses, you will not be able to reach them. Just change the NIC info back to the original to correct the routing table once done.

  4. $spacer_open
    $spacer_close
  5. #4
    Linux Engineer b2bwild's Avatar
    Join Date
    Jul 2008
    Location
    Behind You!
    Posts
    1,108
    Well, thats a solution..
    only thing is, you need to have redefine the routing between two subnets.
    Never make any misteaks.

    Read my Blog at --> Penguin Inside Subscribe Feed

  6. #5
    Linux Guru
    Join Date
    Nov 2007
    Posts
    1,763
    Quote Originally Posted by b2bwild View Post
    Well, thats a solution..
    only thing is, you need to have redefine the routing between two subnets.
    No - no network changes are made on any network devices. This is strictly done on the local machine. The local machine will still send packets not destined for the local VLAN (192.168.156.0/23) to its gateway. As stated, *if* there are actually machines on a 192.168.157.0/24 network, your local machine will not be able to reach them while you have the subnet mask set "incorrectly."

  7. #6
    Just Joined! Kumado's Avatar
    Join Date
    Jul 2006
    Posts
    86
    I can't ping it though nmap says it is.

    I am at home atm, I was having one of my buddies run the same
    test, just change the subnet from x.x.240.0 to x.x.224.0. He
    has not told me what happened yet.

    I ran a check online and the mac belongs to linksys. I only have
    one managed switch, 2 APs and possibly a few linksys nics out
    there.

    ahhhm the game is afoot, to hunt and string up a spy...

    Thanks all

    kumado

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •