[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] Nmap



(I don't have the original, so ill qoute this guy)

Nmap has an option to change how it determines if a host is up by
attempting a port connection instead. I find this to be highly effective.
Using a couple of standard ports are the best, such as 80, 21, etc. If you
only have a few ports your searching for, then drop host discovery and scan
those specific ports, youd get the same results but a tad bit less
overhead(mainly in the sense of stealth or an obsession with not wasting
bandwidth if you can help it)
On Jan 2, 2012 1:00 PM, "S Walker" <walker_s@xxxxxxxxxxxxx> wrote:

>
> Just an added note to the current replies (which are all great for hosts
> not in the local broadcast domain): It is almost certain that every device
> in your local network will respond to an ARP request. nmap does this by
> default anyway (-PR for local networks), but it's worth bearing in mind, as
> something local that won't respond to an ARP request is almost certainly
> not reachable.
>
> S
>
> ----------------------------------------
> > Date: Mon, 2 Jan 2012 12:03:42 -0500
> > Subject: Re: Nmap
> > From: juan.quine@xxxxxxxxx
> > To: pen-test@xxxxxxxxxxxxxxxxx
> >
> > Sorry for the late answer...
> >
> > But when you scan for machines that do not answer to ping (it means
> > answer with an echo reply for each echo request), you could try using
> > timestamp, and will return timestamp reply, and also information
> > request and wait for an information reply
> >
> > Both coould be useful also to detect equipments that do not answer to
> > ping. And if you want something more "noisy" maybe a network discovery
> > or a -P0 option.
> >
> > Here is a summary of message types with their port (for ICMP protocol).
> >
> > 0 Echo Reply
> > 3 Destination Unreachable
> > 4 Source Quench
> > 5 Redirect
> > 8 Echo
> > 11 Time Exceeded
> > 12 Parameter Problem
> > 13 Timestamp
> > 14 Timestamp Reply
> > 15 Information Request
> > 16 Information Reply
> >
> > More detail on: http://www.faqs.org/rfcs/rfc792.html
> >
> > Hope it will be useful.
> >
> > Regards,
> >
> > Juan Pablo.
> >
> > On Sun, Oct 2, 2011 at 4:35 PM, John M. Martinelli
> >  wrote:
> > > This would work but it would be kind of "noisy" to open port scan
> > > every host. Also probably a little more time consuming.
> > >
> > > Adding in syn scan or open port scan will create more time required as
> > > we're now looking for open ports. What if all ports are closed? Will
> > > it respond to a certain type of ICMP?
> > >
> > > I think a great question to ask is: "What is the least-impactful way I
> > > can very quickly determine what hosts are alive?" without a
> > > traditional ping sweep.
> > >
> > > On Sat, Oct 1, 2011 at 10:37 PM, Jeffory Atkinson  wrote:
> > >>
> > >> All depends on what you are trying to achieve. I would assume that
> you are not concerned about monitoring devices seeing you have done a ping
> sweep with nmap. I agree with others a port scan is going to give you the
> best idea if a host is active. There are Many instances filtering devices
> can drop icmp or respond for hosts behind them.  Open ports and services
> are the best identifiers. A port has to be open in some form (open or
> filtered) to interact with in-bound connections. I would recommend a -sS
> (syn) scan you can opt for standard services or add -p1- for all 65k+
> ports. All ports will verify and services/demons running. There are other
> options if bandwidth is an issue.
> > >>
> > >>
> > >> On Sep 30, 2011, at 5:17 PM, Ukpong  wrote:
> > >>
> > >> > Can somebody suggest the best NMAP commands for identifying hosts
> that
> > >> > are not responding to ICMP ping requests ?
> > >> >
> > >> >
> ------------------------------------------------------------------------
> > >> > This list is sponsored by: Information Assurance Certification
> Review Board
> > >> >
> > >> > Prove to peers and potential employers without a doubt that you can
> actually do a proper penetration test. IACRB CPT and CEPT certs require a
> full practical examination in order to become certified.
> > >> >
> > >> > http://www.iacertification.org
> > >> >
> ------------------------------------------------------------------------
> > >> >
> > >>
> > >>
> ------------------------------------------------------------------------
> > >> This list is sponsored by: Information Assurance Certification Review
> Board
> > >>
> > >> Prove to peers and potential employers without a doubt that you can
> actually do a proper penetration test. IACRB CPT and CEPT certs require a
> full practical examination in order to become certified.
> > >>
> > >> http://www.iacertification.org
> > >>
> ------------------------------------------------------------------------
> > >>
> > >
> > >
> ------------------------------------------------------------------------
> > > This list is sponsored by: Information Assurance Certification Review
> Board
> > >
> > > Prove to peers and potential employers without a doubt that you can
> actually do a proper penetration test. IACRB CPT and CEPT certs require a
> full practical examination in order to become certified.
> > >
> > > http://www.iacertification.org
> > >
> ------------------------------------------------------------------------
> > >
> >
> >
> >
> > --
> >
> > ===============================================
> > |_|0|_| Ing Juan Quiñe, CISSP, OSCP, GISP, ISO 27001 LA, Cobit-F.
> > |_|_|0| visita: http://hackspy.blogspot.com/
> > |0|0|0| a.k.a. HaCKsPy - from Security Wari Projects, now PeruSEC
> >
> > "... hacking is a way to live your life, not a day job or semi-ordered
> > list of instructions found in a thick book ..." Anthony Bunyan
> > "... Live your life as if you will die tomorrow but learn as if you
> > will live forever ..." Mahatma Gandhi
> > "... Romper un sistema de seguridad los acerca tanto a ser hackers
> > como encender autos puenteando cables los convierte en ingenieros
> > automitrices ..."
> > "... Nada es tan importante, ni tan urgente que no pueda ser hecho con
> > seguridad ..."
> >
> > ------------------------------------------------------------------------
> > This list is sponsored by: Information Assurance Certification Review
> Board
> >
> > Prove to peers and potential employers without a doubt that you can
> actually do a proper penetration test. IACRB CPT and CEPT certs require a
> full practical examination in order to become certified.
> >
> > http://www.iacertification.org
> > ------------------------------------------------------------------------
> >
>
> ------------------------------------------------------------------------
> This list is sponsored by: Information Assurance Certification Review Board
>
> Prove to peers and potential employers without a doubt that you can
> actually do a proper penetration test. IACRB CPT and CEPT certs require a
> full practical examination in order to become certified.
>
> http://www.iacertification.org
> ------------------------------------------------------------------------
>
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/