So, I’ve been looking a little deeper into what I have running on my network over the past day or so, and I found a few interesting things. I covered the most interesting things I found in my last piece, as well as some initial scans of the equipment I found. I had a couple of interesting addresses on my NAT LAN, at .128, .131, and .147.
I have no idea what’s running at .128. Whatever it is, it has absolutely no ports open, and believe me, I’ve looked over them all (nmap … -p-65535 is your friend). I ran all the usual suspects from the script library too, and it doesn’t register any vulnerabilities, nor has it been hooked by any known malware. I’m going to need to figure out another way to get to whatever that is.