Netgate Discussion Forum

Solved: Unknown servers on VLAN

General pfSense Questions
27 Posts 4 Posters 3.0k Views
  • L
    lewis @johnpoz
    last edited by Mar 15, 2022, 10:39 PM

    @johnpoz said in Unknown servers on VLAN:

    If you scanned 10/8 and you had no interfaces in a 10.x network and/or no other routes to get to 10.x then all of that traffic would have been sent to the default gateway.

    Yes, there were no replies from anything in the 10 network.
    What I mean by LAN/WAN meeting is probably wrong. I was told by the DC that the LAN and WAN are fully separated networks within the infrastructure.

    • J
      johnpoz LAYER 8 Global Moderator @lewis
      last edited by Mar 16, 2022, 12:11 AM

      @lewis said in Unknown servers on VLAN:

      DC that the LAN and WAN are fully separated networks within the infrastructure

      Well, your "lans" are completely isolated because they are behind pfsense ;) into your own switches that do not connect to anything else other than your devices - right?

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.8, 24.11

      • L
        lewis @johnpoz
        last edited by Mar 16, 2022, 12:18 AM

        @johnpoz said in Unknown servers on VLAN:

        Well, your "lans" are completely isolated because they are behind pfsense ;) into your own switches that do not connect to anything else other than your devices - right?

        Not exactly since I have two LAN connections and one WAN connection. The WAN is just that but one LAN goes into my own switch and the other LAN goes to the DC's internal LAN network where I am given a private VLAN that acts as my own LAN in the DC.

        Hope that makes sense :)

        • J
          johnpoz LAYER 8 Global Moderator @lewis
          last edited by johnpoz Mar 16, 2022, 12:44 AM

          @lewis said in Unknown servers on VLAN:

          LAN goes to the DC's internal LAN network where I am given a private VLAN that acts as my own LAN in the DC.

          Ah well then it could be possible for stuff to be on this network that you might not want on what is "your" network... So as suggested would check this network for devices that are not yours. You could do an arp scan, this is way better than doing an nmap scan.. Since you could scan for really any network at all that are on the same L2 (vlan)..

          https://www.freebsd.org/cgi/man.cgi?query=arp-scan&sektion=&manpath=freebsd-release-ports

          --arpspa=<s> or -s <s>
          Use <s> as the source IP address. The address should be specified in dotted quad format; or the string "dest", which sets the source address to be the same as the target host address. This sets the 32-bit ar$spa field in the ARP packet. Some operating systems check this, and will only respond if the source address is within the network of the receiving interface. Others don't care, and will respond to any source address. By default, the outgoing interface address is used.

          You could just install the freebsd port onto pfsense if you have no other say linux box on this "dc" vlan that is one of your lan networks.

          You could also get sneaky and set VLAN IDs in your arp scan to see if you can jump vlans. Which would be bad in a DC..

          But also just running a packet capture looking for arps on this network and seeing if you see any arps from stuff that is not yours on this dc "lan" network would be a way to check as well.


          1 Reply Last reply Reply Quote 0
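An added example, not part of the original posts: one way to act on the arp-scan suggestion above is to compare the responders against an inventory of your own devices. It assumes arp-scan prints one whitespace-separated `IP MAC vendor` line per reply; the scan text, inventory and subnet below are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample of arp-scan output (not real data): one host line per reply.
SAMPLE_SCAN = (
    "Interface: em1, type: EN10MB, MAC: 00:0c:29:aa:bb:01, IPv4: 192.168.50.1\n"
    "192.168.50.10\t00:0c:29:aa:bb:10\tVMware, Inc.\n"
    "192.168.50.11\t00:0c:29:aa:bb:11\tVMware, Inc.\n"
    "192.168.50.77\t52:54:00:12:34:56\tQEMU virtual NIC\n"
    "10.20.30.40\tde:ad:be:ef:00:01\t(Unknown)\n"
    "192.168.50.10\t52:54:00:12:34:56\tQEMU virtual NIC (DUP: 2)\n"
    "\n5 packets received by filter, 0 packets dropped by kernel\n"
)
# Hypothetical inventory of your own devices on the DC-provided VLAN.
INVENTORY = {"00:0c:29:aa:bb:10": "web01", "00:0c:29:aa:bb:11": "db01"}
EXPECTED_SUBNET = "192.168.50.0/24"  # assumed addressing for "your" LAN

HOST_LINE = re.compile(
    r"^(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2})\b")

def parse_arp_scan(text):
    """Return (ip, mac) pairs from host lines; banner and summary lines are skipped."""
    return [(m.group(1), m.group(2).lower())
            for m in map(HOST_LINE.match, text.splitlines()) if m]

def audit(text, inventory, subnet):
    """Flag responders that are not yours, sit outside your subnet, or share an IP."""
    net = ipaddress.ip_network(subnet)
    known = {mac.lower() for mac in inventory}
    macs_by_ip = defaultdict(set)
    unknown, foreign = [], []
    for pair in parse_arp_scan(text):
        ip, mac = pair
        macs_by_ip[ip].add(mac)
        if mac not in known and pair not in unknown:
            unknown.append(pair)
        if ipaddress.ip_address(ip) not in net and pair not in foreign:
            foreign.append(pair)
    conflicts = {ip: sorted(m) for ip, m in macs_by_ip.items() if len(m) > 1}
    return {"unknown_mac": unknown, "foreign_subnet": foreign, "ip_conflict": conflicts}

if __name__ == "__main__":
    for finding, items in audit(SAMPLE_SCAN, INVENTORY, EXPECTED_SUBNET).items():
        print(finding, items)
```

Any entry under `unknown_mac` or `foreign_subnet` is a device sharing the L2 segment that is not in your inventory, which is the question to take back to the DC.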
          • L
            lewis
            last edited by Mar 16, 2022, 1:19 AM

            Using arp, I see only my own stuff. I'll spend more time on this once I get everything else done. That way, it'll be a complete working config and hopefully, very secure as promised.

            • J
              johnpoz LAYER 8 Global Moderator @lewis
              last edited by Mar 16, 2022, 4:37 AM

              @lewis yeah arp scanning is very fast, and most anything is going to answer an arp, even if a firewall is blocking all protocols and ping, etc. Only problem with that sort of scan is you have to be on the same L2..

              But for what you're looking for it's prob more in line with what you're looking to do..


              • L
                lewis @johnpoz
                last edited by Mar 16, 2022, 4:24 PM

                @johnpoz said in Unknown servers on VLAN:

                @lewis yeah arp scanning is very fast, and most anything is going to answer an arp, even if a firewall is blocking all protocols and ping, etc. Only problem with that sort of scan is you have to be on the same L2..

                But for what you're looking for it's prob more in line with what you're looking to do..

                Yes, basically just wanting to make sure I have my own relatively secure LAN (VLAN) network.

                I'll do it again once everything is up.
