Penetration Testing: Re: How to portscan a Class B effectively

Re: How to portscan a Class B effectively

From: batz <batsy_at_vapour.net>
Date: Mon, 3 Jun 2002 17:06:19 -0400 (EDT)

On Mon, 3 Jun 2002, RT wrote:

:Here's the PERL script:

Handy script, but can be limited by aggregation, which is pretty common
at exchange points.

A more thorough method is to use hping or traceroute with the ttl set within
1 or two hops of the destination, and sample address ranges using the
beginnings of CIDR blocks from /24 to /29's. This should flush out
the routers, and then you will generally find clusters of contiguous
address space around each router.

Hping is handy b/c you can use udp/53 and be mostly innocuous, as few
people ever correlate icmp unreachable alerts from their IDS, even
though it is the best way to catch someone firewalking.

--
batz
Received on Jun 03 2002
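
The correlation the post says few people do, as an added detection example (not part of the original message or of any tool it mentions): group the ICMP errors leaving a network by the outside address that receives them, and flag a recipient whose probes touched several addresses in a short window. The log format, field names, addresses and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample alerts in a hypothetical log format: ICMP errors leaving
# our network, with the destination and UDP port of the datagram they quote.
SAMPLE_LOG = """\
2002-06-03T17:00:01 icmp type=11 code=0 src=10.1.0.1 dst=198.51.100.7 orig_dst=10.1.0.0 orig_dport=53
2002-06-03T17:00:03 icmp type=11 code=0 src=10.1.0.1 dst=198.51.100.7 orig_dst=10.1.1.0 orig_dport=53
2002-06-03T17:00:05 icmp type=11 code=0 src=10.1.2.1 dst=198.51.100.7 orig_dst=10.1.2.0 orig_dport=53
2002-06-03T17:00:08 icmp type=3 code=3 src=10.1.2.8 dst=198.51.100.7 orig_dst=10.1.2.8 orig_dport=53
2002-06-03T17:00:09 icmp type=3 code=3 src=10.1.5.20 dst=203.0.113.9 orig_dst=10.1.5.20 orig_dport=53
2002-06-03T17:20:00 icmp type=11 code=0 src=10.1.0.1 dst=203.0.113.9 orig_dst=10.1.7.0 orig_dport=53
"""

LINE = re.compile(
    r"(?P<ts>\S+) icmp type=(?P<type>\d+) code=(?P<code>\d+) src=(?P<src>\S+) "
    r"dst=(?P<dst>\S+) orig_dst=(?P<odst>\S+) orig_dport=(?P<dport>\d+)")
PROBE_REPLIES = {(11, 0), (3, 3)}  # TTL exceeded in transit, port unreachable

def parse(log):
    """Yield (time, prober, emitter, probed address, ICMP type) per relevant alert."""
    for line in log.splitlines():
        m = LINE.fullmatch(line.strip())
        if m and (int(m["type"]), int(m["code"])) in PROBE_REPLIES:
            yield (datetime.fromisoformat(m["ts"]), m["dst"], m["src"],
                   m["odst"], int(m["type"]))

def correlate(log, window=timedelta(minutes=5), min_targets=3):
    """Flag recipients of ICMP errors covering >= min_targets probed addresses
    inside one window; also list the routers that answered them."""
    by_prober = defaultdict(list)
    for ts, prober, emitter, target, icmp_type in parse(log):
        by_prober[prober].append((ts, emitter, target, icmp_type))
    findings = {}
    for prober, events in by_prober.items():
        events.sort()
        for i, (start, *_) in enumerate(events):
            in_win = [e for e in events[i:] if e[0] - start <= window]
            targets = sorted({e[2] for e in in_win})
            if len(targets) >= min_targets:
                routers = sorted({e[1] for e in in_win if e[3] == 11})
                findings[prober] = {"targets": targets, "routers": routers}
                break
    return findings

if __name__ == "__main__":
    for prober, hit in correlate(SAMPLE_LOG).items():
        print(prober, "probed", hit["targets"], "via routers", hit["routers"])
```

A single unreachable or time-exceeded message is routine noise; the signal is one recipient collecting them for several addresses in a short window, so tune `window` and `min_targets` against normal traffic.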