Security Basics mailing list archives
Re: AW: ICMP (Ping)
From: Tim Greer <chatmaster () charter net>
Date: 08 Sep 2003 10:28:01 -0700
On Mon, 2003-09-08 at 11:17, Meidinger Chris wrote:
> Nmap ping scans first unless you tell it not to. From the nmap manpage at
> http://www.insecure.org/nmap/data/nmap_manpage.html:
>
>   -P0  Do not try and ping hosts at all before scanning them. This allows
>        the scanning of networks that don't allow ICMP echo requests (or
>        responses) through their firewall. microsoft.com is an example of
>        such a network, and thus you should always use -P0 or -PT80 when
>        portscanning microsoft.com.
>
> Wouldn't this be a reliable measure of whether people are likely to ping
> scan first or just vuln scan right away?
That's right, or you can just use such an option on a number of tools and specify the port to check... bypassing any checks on the ping response. And, of course, it would only take a few minutes to create a script to check IP ranges for port 80 or 25 responses and compile a list from that--you can just use Perl and LWP to check if you wanted to get very simple and accurate, and check for the response code and/or the web server type and version (assuming the banner hasn't been modified, which most people don't do) and only add it to a list if you can match the m/^\s*Server:\s*(.+)$/ field of a known vulnerable version--or whatever you want to do. This would perhaps be a total of 8 lines of code.

--
Tim Greer <chatmaster () charter net>
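The message above describes sweeps that go straight to port 80 or 25 without pinging first. The following is an added example, not part of the original message: a defender-side check that flags sources touching many hosts on those ports with no preceding ICMP. The log format, addresses and thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample records (not from the thread): "epoch src dst proto dport"
SAMPLE_LOG = """\
1063041000 198.51.100.7 192.0.2.10 tcp 80
1063041001 198.51.100.7 192.0.2.11 tcp 80
1063041002 198.51.100.7 192.0.2.12 tcp 80
1063041003 198.51.100.7 192.0.2.13 tcp 80
1063041004 198.51.100.7 192.0.2.14 tcp 25
1063041010 203.0.113.5 192.0.2.10 icmp -
1063041011 203.0.113.5 192.0.2.10 tcp 80
1063041020 203.0.113.9 192.0.2.10 tcp 80
1063041500 203.0.113.9 192.0.2.11 tcp 80
"""

WATCHED_PORTS = {"80", "25"}  # the two ports named in the message
WINDOW = 60                   # seconds; assumed threshold
MIN_HOSTS = 4                 # distinct destinations per window; assumed

def find_pingless_sweeps(log_text, window=WINDOW, min_hosts=MIN_HOSTS):
    """Return {src: sorted destinations} for sources that probed at least
    min_hosts distinct hosts on a watched TCP port within `window` seconds,
    counting only hosts the source never sent ICMP to."""
    pinged = defaultdict(set)   # src -> destinations it sent ICMP to
    probes = defaultdict(list)  # src -> [(time, dst)] for watched ports
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue            # skip malformed records
        ts, src, dst, proto, dport = fields
        if proto == "icmp":
            pinged[src].add(dst)
        elif proto == "tcp" and dport in WATCHED_PORTS:
            probes[src].append((int(ts), dst))
    found = defaultdict(set)
    for src, events in probes.items():
        events.sort()
        start = 0
        for end in range(len(events)):          # sliding time window
            while events[end][0] - events[start][0] > window:
                start += 1
            hosts = {d for _, d in events[start:end + 1]} - pinged[src]
            if len(hosts) >= min_hosts:
                found[src] |= hosts
    return {src: sorted(hosts) for src, hosts in found.items()}
```
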