|
Penetration Testing
mailing list archives
Re: Discovering Live Hosts
From: "rajat swarup" <rajats () gmail com>
Date: Wed, 8 Aug 2007 02:22:52 -0400
On 8/8/07, rajat swarup <rajats () gmail com> wrote:
On 8/8/07, Nikhil Wagholikar <visitnikhil () gmail com> wrote:
Thanks for your suggestion. However as I said earlier that "if suppose SMTP is
configured on port 26 instead of traditional port 25, then it would
add a twist to this situation". Hence your suggested method would
still leave some hosts down. Can you kindly further granularize your
suggestion?
But it would turn up with port 25 as "closed" which still shows that
the host is alive.
If you are trying to reach hosts in a DMZ and the firewall filters
everything but port 25 in your given scenario, then I do admit that
it'll fail. But, if you want to be so thorough as to not to miss even
a single port, then there's no other option but to go with a full port
scan.
nmap -sS -p- -P0 -iL <file_containing_ips>
But generally speaking, DMZs could allow 80, 25 (or in this scenario
26), 443. And if you checked for 80, 443 it would show up as
closed...so technically you did enumerate a live host.
HTH,
--
Rajat Swarup
http://rajatswarup.blogspot.com/
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
 By Date 
By Thread
Current thread:
|
Intro
