SOLVED: Pentesting my DMZ

bwana

Regular Contributor
I connected my laptop to the WAN port of a Linksys BEPVF41 router whose DMZ is enabled. I set the IP of the WAN side of the router to 192.168.1.15. The router LAN side is 192.168.0.1. The router DMZ is 192.168.0.10. The laptop is set to 192.168.1.12. No other network connections are enabled. Neither laptop nor router is connected to anything else. I ran several nmap scans against the router but get no open ports. Shouldn't all its ports be open and mapped to the DMZ IP?
 
What IP did you run the scans against? Also, what are the gateway settings for both machines?
 
The gateway of the target router and the PC are both set to 192.168.1.1, but there is no actual hardware with that IP in this construct.

Nmap is set to scan the WAN IP of the target router, 192.168.1.15. Various scans were tried, including the options -O, -p-, and -sA (each option was tried individually).

To understand better what I am trying to communicate, consider the following common real-world construct: Internet -> cable/DSL modem -> router with DMZ set to a.b.c.d -> devices. The router with DMZ set is called the 'outside router'. The devices include various servers and another router whose WAN IP is the DMZ IP. This is the 'target router', and its WAN port is connected to a LAN port of the outside router.

However, because this is a testing scenario, there is no outside router. Effectively, the PC and the WAN port of the target router are connected on the same LAN. I could put them on a switch, but to simplify matters, the PC is wired directly to the WAN side of the router. I am using my PC to probe and test my router, so effectively the PC is behaving like someone on the 'raw internet' might be.
 
I figured it out. I actually need to have a device connected with the DMZ IP. DUH. I was expecting the router to tell me that ALL ports to the DMZ IP were open if no device was connected.
 
Jeez, I should have caught that. Glad you got it sorted and reported back.
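
A small model of the behaviour this thread ran into, added here as an illustration and not taken from any poster or from the router's firmware: a DMZ setting only forwards packets, so the scan result depends on whether a host at the DMZ IP answers. The `DmzRouter` class, its `stateful` flag and the silent drop when no host is present are assumptions; the DMZ IP is the one from the thread.

```python
# Constructed model (not router firmware): what a scanner on the WAN side
# sees when the router forwards every unsolicited port to one DMZ IP.
from dataclasses import dataclass, field

@dataclass
class DmzRouter:
    dmz_ip: str
    stateful: bool = True                      # assumption: drops stray ACKs
    lan: dict = field(default_factory=dict)    # ip -> set of listening ports

    def plug_in(self, ip, listening):
        self.lan[ip] = set(listening)

    def probe(self, port, flag):
        """Reply the scanner gets for one probe, or None if nothing returns."""
        if flag == "ACK" and self.stateful:
            return None                        # no connection state: dropped
        if self.dmz_ip not in self.lan:
            # Assumption: nothing answers ARP for the DMZ IP, so the
            # forwarded packet is silently dropped.
            return None
        if flag == "SYN" and port in self.lan[self.dmz_ip]:
            return "SYN/ACK"
        return "RST"                           # closed port, or unsolicited ACK

def scan(router, ports, scan_type="syn"):
    """Label ports the way nmap labels SYN and ACK (-sA) scan results."""
    results = {}
    for port in ports:
        reply = router.probe(port, "ACK" if scan_type == "ack" else "SYN")
        if reply is None:
            results[port] = "filtered"
        elif scan_type == "ack":
            results[port] = "unfiltered"       # -sA never reports "open"
        else:
            results[port] = "open" if reply == "SYN/ACK" else "closed"
    return results

if __name__ == "__main__":
    router = DmzRouter(dmz_ip="192.168.0.10")
    print("no DMZ host:", scan(router, [22, 80, 443]))
    router.plug_in("192.168.0.10", [80])       # constructed DMZ host
    print("DMZ host up:", scan(router, [22, 80, 443]))
    print("ACK scan:   ", scan(router, [22, 80, 443], "ack"))
```

In this model a port shows as open only when a DMZ host exists and has a listener on that port, and an ACK scan reports filtered or unfiltered but never open.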
 