Naveen,

A simple method of scanning non-routable addresses follows what others have already advised, but I wouldn't waste resources on encryption in a VPN to achieve it. Use a null-encryption VPN or use something like GRE tunneling to scan the address space. This reduces overhead in CPU effort for whatever devices are tunneling for you, as well as resolving the routing issue.

Do remember that most firewalls have limits on the number of concurrent connections available in, say, a stateful firewall. An example is that a CheckPoint firewall can handle 15,000 connections on a Windows platform, 25,000 on the Nokia platform. These numbers can be increased, but not without consideration of performance degradation.

Also, scanning through most firewalls (where you have created a rule for yourself to allow unrestricted access) is best done with TCP connect scanning, as each connection made will be terminated with a FIN that the firewall will see and will hence terminate the connection in the state table, freeing resources. UDP obviously is not stateful, so this is not as much of an issue, and most firewalls have a table timer for a UDP connection of 30-40 seconds of inactivity before closing the table session. Again, if you have set up a rule to allow this, SYN scanning may set off various protection measures in a firewall that are not controllable in a rule. FIN scanning would be an efficient way to scan through a firewall, but most block the connections outright; those that do not, I have seen behave poorly (unstable).

The one recommendation to place a scanner just outside the firewall seems like a better idea, or perhaps placing it inside the firewall to prevent any service degradation of the firewall or border router would be better. It could be a system that serves a dual purpose, as you don't have to do this but once a week or so (you are scanning that often, right? ;).

Regards,
--dan

Dan Bowman
Director of Support
Tenable Network Security
http://www.tenablesecurity.com/
mailto:[EMAIL PROTECTED]

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Naveen Pareek
Sent: Tuesday, August 05, 2003 12:42 AM
To: [EMAIL PROTECTED]
Subject: How to scan Private Network through Public Gateway

Hi,

I want to scan my company's private network. This will be an external scan. There is one router with one public IP. Through that IP I want to scan the private network of my company. Is it possible, and if so, how? If I put the target as 192.168.0.0/24 it will not scan, because this IP range is invalid. If I put 202.145.16.0/29 it will scan only the 202.145.16.0 subnet, but I want to scan 192.168.0.0 through this router IP address. (IP addresses are changed for security reasons.) Please help me out with this issue.

Thanks & Regards
Naveen Pareek
Network Security Engg.
Ecom Enable Pvt. Ltd.
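Dan's point about the firewall state table, as an added illustration that is not part of the original thread and is not Tenable or Check Point code: a small Python model of a stateful firewall's connection table fed by a scan. The only figures taken from his reply are the 15,000 and 25,000 entry limits and the 30 s UDP idle timer; the 10 ms FIN delay for a connect scan, the probe counts, rates and the 192.168.0.0/24 flow keys are constructed assumptions. The model shows why a TCP connect scan barely occupies the table (each FIN frees its entry) while an unthrottled UDP sweep fills it and gets probes refused, and it derives the sustained UDP probe rate a table of a given size can absorb.

```python
"""Model of a stateful firewall's connection table under a scan.

Constructed example, not any vendor's code.  Simplified firewall model:
a TCP entry is freed as soon as the firewall sees the scanner's FIN; a
UDP entry is freed only when its idle timer expires.  Each probe is a
single packet, so a UDP entry is never refreshed (a real firewall
refreshes the timer on every packet of the flow).
"""
import heapq
from collections import deque

CHECKPOINT_WINDOWS_LIMIT = 15_000   # concurrent entries, per Dan's message
CHECKPOINT_NOKIA_LIMIT = 25_000     # idem
UDP_IDLE_TIMEOUT_MS = 30_000        # low end of the 30-40 s range in the message
TCP_CLOSE_DELAY_MS = 10             # assumed: connect scan sends FIN ~10 ms after SYN


class StateTable:
    """Connection table keyed by flow; tracks peak occupancy and refused flows."""

    def __init__(self, limit, udp_idle_timeout_ms=UDP_IDLE_TIMEOUT_MS):
        self.limit = limit
        self.udp_idle_timeout_ms = udp_idle_timeout_ms
        self.entries = {}        # flow key -> protocol
        self.udp_queue = deque()  # (opened_ms, key) in arrival order, for expiry
        self.peak = 0
        self.refused = 0

    def _expire_udp(self, now_ms):
        # Idle-timer sweep: UDP entries age out from the oldest end of the queue.
        while self.udp_queue and now_ms - self.udp_queue[0][0] >= self.udp_idle_timeout_ms:
            _, key = self.udp_queue.popleft()
            self.entries.pop(key, None)

    def open_flow(self, key, proto, now_ms):
        """First packet of a new flow. Returns False if the table is full."""
        self._expire_udp(now_ms)
        if len(self.entries) >= self.limit:
            self.refused += 1
            return False
        self.entries[key] = proto
        if proto == "udp":
            self.udp_queue.append((now_ms, key))
        self.peak = max(self.peak, len(self.entries))
        return True

    def close_flow(self, key):
        """Firewall saw the FIN of a TCP flow: free the entry immediately."""
        self.entries.pop(key, None)


def simulate_scan(limit, proto, probes, rate_per_s, close_delay_ms=TCP_CLOSE_DELAY_MS):
    """Send `probes` one-packet probes at `rate_per_s` through a table of size `limit`.

    Returns (peak_entries, refused_probes).  Flow keys are constructed
    (host, port) pairs in 192.168.0.0/24, one distinct flow per probe.
    """
    table = StateTable(limit)
    pending_closes = []   # min-heap of (close_time_ms, key) for TCP connect scans
    for i in range(probes):
        now_ms = i * 1000 // rate_per_s          # integer ms, no float drift
        while pending_closes and pending_closes[0][0] <= now_ms:
            _, key = heapq.heappop(pending_closes)  # the firewall sees our FIN
            table.close_flow(key)
        key = (f"192.168.0.{i % 254 + 1}", i)      # constructed flow key
        if table.open_flow(key, proto, now_ms) and proto == "tcp":
            heapq.heappush(pending_closes, (now_ms + close_delay_ms, key))
    return table.peak, table.refused


def max_sustained_udp_rate(limit, idle_timeout_ms=UDP_IDLE_TIMEOUT_MS):
    """Highest steady UDP probe rate (probes/s) that never fills the table."""
    return limit * 1000 / idle_timeout_ms


if __name__ == "__main__":
    print("TCP connect, 1000/s, 15k table:", simulate_scan(CHECKPOINT_WINDOWS_LIMIT, "tcp", 60_000, 1000))
    print("UDP, 1000/s, 25k table:        ", simulate_scan(CHECKPOINT_NOKIA_LIMIT, "udp", 60_000, 1000))
    print("UDP, 500/s, 25k table:         ", simulate_scan(CHECKPOINT_NOKIA_LIMIT, "udp", 60_000, 500))
    print("sustained UDP rate, 25k table: ", max_sustained_udp_rate(CHECKPOINT_NOKIA_LIMIT))
```

Running the file prints the three runs: the connect scan peaks at about ten concurrent entries, the 1000/s UDP sweep pins the 25,000-entry table and has 10,000 of 60,000 probes refused (the refusals come in two bursts, once when the table first fills and again after the first wave of entries ages out), and the same sweep at 500/s stays under the limit. The last line is the rule of thumb the model reduces to: a table of N entries with a T-second UDP idle timer sustains at most N/T UDP probes per second, so a scanner sweeping UDP through a firewall with a rule permitting it should be throttled to well below that figure, or placed where Dan suggests so the border device is not in the path at all.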
