How can I tell if a host is bridged and acting as a router

Posted by makerofthings7 on Server Fault See other posts from Server Fault or by makerofthings7
Published on 2012-10-21T01:58:42Z Indexed on 2012/10/21 5:08 UTC
Read the original article Hit count: 151

Filed under:

security

|

ip

|

routing

|

dmz

|

icmp

I would like to scan my DMZ for hosts that are bridged between subnets and have routing enabled. Since I have everything from VMWare servers, to load balancers on the DMZ I'm unsure if every host is configured correctly.

What IP, ICMP, or SNMP (etc) tricks can I use to poll the hosts and determine if the host is acting as a router?

I'm assuming this test would presume I know the target IP, but in a large network with many subnets, I'd have to test many different combinations of networks and see if I get success. Here is one example (ping):

For each IP in the DMZ, arp for the host MAC
Send a ICMP reply message to that host directed at an online host on each subnet

I think that there is a more optimal way to get the information, namely from within ICMP/IP itself, but I'm not sure what low level bits to look for.

I would also be interested if it's possible to determine the "router" status without knowing the subnets that the host may be connected to. This would be useful to know when improving our security posture.

© Server Fault or respective owner

Related posts about security

sudo apt-get update errors

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
Here is what I get on my terminal when running sudo apt-get update errors. I dont know if the issue is from my sources.list or my proxy setup(have not made any changes to proxies). Thank you for any help in advanced. Ign http://security.ubuntu.com oneiric-security Release.gpg Ign http://security… >>> More
The Security-Developer Gap: Why IT Security Can't Fix Your Security Problems Alone

as seen on Devx - Search for 'Devx'
Two well-known white hats explain how hackers take advantage of security holes left by enterprise application developers. >>> More
The Security-Developer Gap: Why IT Security Can't Fix Your Security Problems Alone

as seen on Internet.com - Search for 'Internet.com'
Two well-known white hats explain how hackers take advantage of security holes left by enterprise application developers. >>> More
StackOverFlowError while creating Mac object on AS400/Java

as seen on Stack Overflow - Search for 'Stack Overflow'
Hello all, I am a newbie to AS400-Java programming. I am trying to create my first program to test the implementation of Message Authentication Code (MAC). I am trying to use the HMACSHA1 hash function. My (Java 1.4) program runs fine on a dev box (V5R4).But fails terribly on the QA box (V5R3). My… >>> More
Google App Engine - Spring Security Issue (java.security.AccessControlException)

as seen on Stack Overflow - Search for 'Stack Overflow'
I'm currently getting the AccessControlException below when I deploy to app engine (I don't see it when I run in my local environment). I'm using GAE 1.3.1, Spring 3.0.1, and Spring Security 3.0.2. Any ideas how to get around this issue? It appears to be an issue with Spring Security trying to get… >>> More

Related posts about ip

Getting USB Wifi device to work

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I have been trying to get an Olitec Wifi N USB dongle to work. At first it lit up but wouldn't connect. A little Googling suggested that it would need ndiswrapper to make it work. After installing and trying to add driver with ndisgtk, I got the error message FATAL: Module ndiswrapper not found.… >>> More
Cisco 800 series won't forward port

as seen on Server Fault - Search for 'Server Fault'
Hello ServerFault, I am trying to forward port 444 from my cisco router to my Web Server (192.168.0.2). As far as I can tell, my port forwarding is configured correctly, yet no traffic will pass through on port 444. Here is my config: ! version 12.3 service config no service pad service tcp-keepalives-in service… >>> More
Cisco 881 losing NAT NVI translation config after reload

as seen on Server Fault - Search for 'Server Fault'
This is a weird one, so I'll try to explain in as much detail as I can so I'm giving the whole picture. As I've mentioned in my other questions, I'm in the process of setting up a new Cisco 881 as my WAN router and NAT firewall. I'm facing an issue where NAT NVI rules that I have configured are not… >>> More
Bind an ip address to Postfix as outgoing ip

as seen on Server Fault - Search for 'Server Fault'
Is that possible to bind all available public ip addresses on a server to one Postfix instance as its outgoing ip pool and let it choose a random ip or specified ip from the pool each time it sends out an email? If above is not possible, can it be configured to listen on one public ip address per… >>> More
What approach to take for SIMD optimizations

as seen on Stack Overflow - Search for 'Stack Overflow'
Hi, I am trying to optimize below code for SIMD operations (8way/4way/2way SIMD whiechever possible and if it gives gains in performance) I am tryin to analyze it first on paper to understand the algorithm used. How can i optimize it for SIMD:- void idct(uint8_t *dst, int stride, int16_t *input… >>> More