    how does this work? Modems/IPs/PCI Scans

      IRJ

      You should watch that video on NAT that I posted. That will expand further on what I said.

        1337

        When you say "modem" what do you mean exactly? What is it connected to?

          WrCombs @1337

          @Pete-S said in how does this work? Modems/IPs/PCI Scans:

          When you say "modem" what do you mean exactly? What is it connected to?

          This question confuses me.
          A modem is a modem, right? connects to the Cable and becomes internet through FM

            1337 @WrCombs

            @WrCombs said in how does this work? Modems/IPs/PCI Scans:

            This question confuses me.
            A modem is a modem, right? connects to the Cable and becomes internet through FM

            A modem is a modulator/demodulator. But there are many types of modems and some modems are not modems at all. People who don't know better just call them that. That's why I asked.

              WrCombs @1337

              @Pete-S said in how does this work? Modems/IPs/PCI Scans:

              A modem is a modulator/demodulator. But there are many types of modems and some modems are not modems at all. People who don't know better just call them that. That's why I asked.

              In this case, a Cable Modem would be a modem or no?

              It's taking in the cable signal then changing it to an internet connection or no?

                1337 @WrCombs

                @WrCombs said in how does this work? Modems/IPs/PCI Scans:

                In this case, a Cable Modem would be a modem or no?

                It's taking in the cable signal then changing it to an internet connection or no?

                Yes. Cable modem is a modem.

                But there could be two types of very similar devices:

                • cable modem that will work as a network bridge. Meaning it is transparent on the network.
                • cable modem with built-in router, works as a router. Will do things on the network.

                Some devices are multi-purpose and can be run in bridge mode or in router mode.

                  WrCombs @1337

                  @Pete-S said in how does this work? Modems/IPs/PCI Scans:

                  Yes. Cable modem is a modem.

                  But there could be two types of very similar devices:

                  • cable modem that will work as a network bridge. Meaning it is transparent on the network.
                  • cable modem with built-in router, works as a router. Will do things on the network.

                  Some devices are multi-purpose and can be run in bridge mode or in router mode.

                  I would have to look into the modem to see if it has a built-in router.
                  Most cable modems, at least these days, have built-in routers though, so I'm going to go with yes, it has a built-in router.

                    1337 @WrCombs

                    @WrCombs said in how does this work? Modems/IPs/PCI Scans:

                    I would have to look into the modem to see if it has a built-in router.
                    Most cable modems, at least these days, have built-in routers though, so I'm going to go with yes, it has a built-in router.

                    In router mode

                    If it's in router mode you will likely have:
                    IP given to you by ISP -> cable router -> IP handed out from cable router -> FW -> IP handed out from FW -> PC
                    Also called double NAT. The original IP address gets translated into another IP address two times.

                    In bridge mode

                    IP given to you by ISP -> cable modem -> IP given to you by ISP -> FW -> IP handed out from FW -> PC
                    The original IP address gets translated into another IP address one time (in the FW).

                    I say "IP given to you by ISP" instead of public IP because in some cases it might not be a public IP at all. It depends on the ISP. You're probably most likely to encounter this on cellular networks or where it is unlikely that you host servers and have incoming traffic.

                      WrCombs @1337

                      @Pete-S said in how does this work? Modems/IPs/PCI Scans:

                      In router mode

                      If it's in router mode you will likely have:
                      IP given to you by ISP -> cable router -> IP handed out from cable router -> FW -> IP handed out from FW -> PC
                      Also called double NAT.

                      In bridge mode

                      IP given to you by ISP -> cable modem -> IP given to you by ISP -> FW -> IP handed out from FW -> PC

                      I say "IP given to you by ISP" instead of public IP because in some cases it might not be a public IP at all. It depends on the ISP.

                      So, what I'm taking from all of this is: if a PCI scan was done on the site, with 2 PCs, one behind a FW
                      (IP given to you by ISP -> cable router -> IP handed out from cable router -> FW -> IP handed out from FW -> PC)
                      and one not
                      (IP given to you by ISP -> cable router -> IP handed out from cable router -> PC)

                      then chances are it's scanning the right PC and the fail is on the FW - right?

                        1337 @WrCombs

                        @WrCombs said in how does this work? Modems/IPs/PCI Scans:

                        So, what I'm taking from all of this is: if a PCI scan was done on the site, with 2 PCs, one behind a FW
                        (IP given to you by ISP -> cable router -> IP handed out from cable router -> FW -> IP handed out from FW -> PC)
                        and one not
                        (IP given to you by ISP -> cable router -> IP handed out from cable router -> PC)

                        then chances are it's scanning the right PC and the fail is on the FW - right?

                        It can only scan the device that answers the IP it is scanning.

                        So it will scan the cable router if it's in routing mode.
                        It will scan the firewall if the cable modem is in bridge mode.

                        If you have set up port forwarding in either one however, those scans will also be forwarded.

                          WrCombs @1337

                          @Pete-S said in how does this work? Modems/IPs/PCI Scans:

                          It can only scan the device that answers the IP it is scanning.

                          So it will scan the cable router if it's in routing mode.
                          It will scan the firewall if the cable modem is in bridge mode.

                          If you have set up port forwarding in either one however, those scans will also be forwarded.

                          That makes a lot more sense

                            Dashrender

                            It sounds like your network looks like this
                            bd0e3583-7483-4178-9c35-139914964619-image.png

                              Dashrender

                              If you're failing PCI audits, it's likely because you have UPnP enabled on one or more firewalls, and the computers behind those firewalls are poking holes through your firewall - either that, or whoever set up the firewalls did port forwarding - OR the firewalls were hacked, and a hacker opened the ports.

                                1337 @Dashrender

                                @Dashrender Great drawing! Makes it easier to visualize.

                                Good reminder on UPnP, btw! Had forgotten about that one.

                                UPnP is for home use and has no place in a business setting. That's the drawback with home equipment. There is a lot of stuff you need to disable and a lot of stuff you can't do at all.

                                  Dashrender

                                  @WrCombs The only thing the PCI firewall is doing is preventing the PC on 192 network from attacking it directly. Because it's on the 192 network, it could still act as a MiTM if it was able to shim its way in there. So the PCI network is not as protected as it could be.

                                  Instead the firewall/cable modem should be set up with two internal networks (if possible - which is not likely) then the 192 computer couldn't get in the middle to be a MiTM.

                                    1337 @Dashrender

                                    @Dashrender said in how does this work? Modems/IPs/PCI Scans:

                                    Instead the firewall/cable modem should be set up with two internal networks (if possible - which is not likely) then the 192 computer couldn't get in the middle to be a MiTM.

                                    Or perhaps even better, the cable modem set to bridge mode and the 192.168.... connected as a second LAN on the PCI firewall.

                                      JaredBusch @Dashrender

                                      @Dashrender said in how does this work? Modems/IPs/PCI Scans:

                                      It sounds like your network looks like this
                                      bd0e3583-7483-4178-9c35-139914964619-image.png

                                      This sounds like exactly what he has.

                                      @WrCombs said in how does this work? Modems/IPs/PCI Scans:

                                      then chances are it's scanning the right PC and the fail is on the FW - right?

                                      It is 100% impossible for a server on the public internet to scan through a NAT device without something else at play. WTF ever PCI scanner you are using on the internet is not seeing anything on the first internal network. Let alone anything on the double NAT'd network.

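Added example, not part of the thread and not any poster's code: a small Python model of the point made in the posts above, that an outside scan only talks to the device holding the ISP-given IP unless a port forward or UPnP mapping hands the probe inward. The node names, port 3389 and the mappings are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Node:
    name: str
    listening: set = field(default_factory=set)  # ports this node itself answers on
    # outside port -> (inside node, inside port, origin); origin is "static" or "upnp"
    forwards: dict = field(default_factory=dict)


def build(mode, cable_forwards=None, fw_forwards=None):
    """Constructed topology: cable device -> PCI firewall -> PCI PC, plus an
    office PC sitting directly on the cable router's LAN (router mode)."""
    nodes = {
        "cable-router": Node("cable-router", forwards=dict(cable_forwards or {})),
        "pci-fw": Node("pci-fw", forwards=dict(fw_forwards or {})),
        "office-pc": Node("office-pc", listening={3389}),
        "pci-pc": Node("pci-pc", listening={3389}),
    }
    # In bridge mode the modem is transparent, so the firewall holds the
    # ISP-given IP and is the first device an outside scanner talks to.
    entry = "pci-fw" if mode == "bridge" else "cable-router"
    return nodes, entry


def trace_scan(nodes, entry, port, max_hops=8):
    """Follow one inbound probe. Returns (answering node or None, path, origins)."""
    path, origins, node = [], [], nodes[entry]
    for _ in range(max_hops):
        path.append(node.name)
        fwd = node.forwards.get(port)
        if fwd is None:
            # No mapping on this hop: the probe ends here, answered or not.
            answered = node.name if port in node.listening else None
            return answered, path, origins
        target, port, origin = fwd
        origins.append(f"{node.name}:{origin}")
        node = nodes[target]
    raise ValueError("forwarding loop in model")


def explain_findings(nodes, entry, ports):
    """For each scanned port that answered, name the device and the mappings behind it."""
    findings = {}
    for p in ports:
        answered_by, path, origins = trace_scan(nodes, entry, p)
        if answered_by:
            findings[p] = {"answered_by": answered_by, "path": path, "via": origins}
    return findings


if __name__ == "__main__":
    upnp = {3389: ("office-pc", 3389, "upnp")}    # mapping requested by the office PC
    to_fw = {3389: ("pci-fw", 3389, "static")}    # forward on the cable router only
    to_pc = {3389: ("pci-pc", 3389, "static")}    # matching forward on the PCI firewall
    cases = {
        "router mode, no mappings": build("router"),
        "bridge mode, no mappings": build("bridge"),
        "router mode, UPnP on cable router": build("router", upnp),
        "double NAT, forward on first hop only": build("router", to_fw),
        "double NAT, forward on both hops": build("router", to_fw, to_pc),
    }
    for label, (nodes, entry) in cases.items():
        print(f"{label}: {trace_scan(nodes, entry, 3389)}")
```

Under double NAT a probe reaches the inner PC only when both hops carry a mapping, which is why an unexpected scan finding is traced hop by hop to the forward or UPnP entry that produced it.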
                                        JaredBusch @Dashrender

                                        @Dashrender said in how does this work? Modems/IPs/PCI Scans:

                                        @WrCombs The only thing the PCI firewall is doing is preventing the PC on 192 network from attacking it directly.

                                        Correct

                                        @Dashrender said in how does this work? Modems/IPs/PCI Scans:

                                        Because it's on the 192 network, it could still act as a MiTM if it was able to shim its way in there.

                                        Nothing on the 192 network can simply MiTM. You can easily pcap the data though.

                                        You could then use the knowledge gained from that to spoof DNS or IP and then begin to get data with some sort of MiTM.

                                        @Dashrender said in how does this work? Modems/IPs/PCI Scans:

                                        So the PCI network is not as protected as it could be.

                                        It is not secure at all. This is a 100% fail.

                                          JaredBusch @1337

                                          @Pete-S said in how does this work? Modems/IPs/PCI Scans:

                                          Or perhaps even better, the cable modem set to bridge mode and the 192.168.... connected as a second LAN on the PCI firewall.

                                          This is the only secure method.

                                          You have to remove any network between the internet and the PCI firewall.

                                          Note, you don't need VLAN. You can just use two ports like in my next post.

                                          69f45bc4-b8f0-4f14-b9d3-46256d47908a-image.png

                                            JaredBusch

                                            Actual setup that I have at the site I am sitting at now.

                                            F02E32E6-EB02-4A64-AC58-660C84C447E0.jpeg

                                            Only device on PCI LAN
                                            CB623AFA-DF20-4D16-82B3-933A07A2AFD1.jpeg

                                            Firewall rules drop 100% traffic from LAN to PCI LAN and PCI LAN to LAN.
