Penetration Testing mailing list archives

Re: Discovering hosts using UDP services


From: Anders Thulin <anders.thulin () sentor se>
Date: Fri, 05 Sep 2008 07:50:19 +0200

Gleb Paharenko wrote:

I'm looking for tools which will allow me to enumerate
 - dns  53
 - snmp discover 161

... etc.

  Doesn't nmap do much of this these days? Just use your own
nmap-service-probes file, and write your own probe packets.
(Use the --datadir option.)

  If you don't like that, and there is no ready-made code,
I think the best idea is to take a sound UDP-scanner such as
nbtscan, rip out everything that is netbios oriented, and replace
it with DNS-code, SNMP-code, or even code that can be selected
from the command-line. If I recall, creating a dnsscan out of
nbtscan was one or two hours' work.

  Of course, you need to know the protocols. DNS is simple: just send
a status request, and you'll get a response that says 'not implemented'.
SNMP is less easy: you won't get a response unless the server does something
other than what the protocol specification says. Some do, but far from all.
And so on.


--
Anders Thulin      anders.thulin () sentor se      070-757 36 10 / Intl. +46 70 757 36 10
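
The DNS exchange described in the message above, as an added example that is not part of the original post: it builds a header-only status request (opcode 2, RFC 1035) and classifies a reply from its header fields, which is also what you would match on when reviewing a packet capture. The function names and the sample reply bytes are constructed for illustration.

```python
import struct

OPCODE_STATUS = 2   # RFC 1035: server status request
RCODE_NOTIMP = 4    # RFC 1035: "Not Implemented"


def build_status_request(txid: int) -> bytes:
    """Return a 12-byte DNS header: QR=0, OPCODE=STATUS, all counts zero."""
    flags = OPCODE_STATUS << 11          # opcode occupies bits 11-14
    return struct.pack("!HHHHHH", txid & 0xFFFF, flags, 0, 0, 0, 0)


def classify_reply(txid: int, data: bytes) -> str:
    """Classify a UDP payload as a reply to our status request."""
    if len(data) < 12:                   # shorter than a DNS header
        return "malformed"
    rid, flags = struct.unpack("!HH", data[:4])
    if not flags >> 15:                  # QR bit clear: a query, not a reply
        return "not-a-response"
    if rid != txid:                      # unrelated or spoofed datagram
        return "id-mismatch"
    if (flags >> 11) & 0xF != OPCODE_STATUS:
        return "opcode-mismatch"
    rcode = flags & 0xF
    if rcode == RCODE_NOTIMP:
        return "dns-notimp"              # the answer the message describes
    return f"dns-rcode-{rcode}"          # still a DNS speaker, other rcode


# Constructed sample payloads (not captured from any real server).
SAMPLE_NOTIMP = bytes.fromhex("123490040000000000000000")
SAMPLE_REFUSED = bytes.fromhex("123490050000000000000000")
SAMPLE_ECHO = bytes.fromhex("123410000000000000000000")

if __name__ == "__main__":
    print(build_status_request(0x1234).hex())
    for name, payload in [("notimp", SAMPLE_NOTIMP),
                          ("refused", SAMPLE_REFUSED),
                          ("echo", SAMPLE_ECHO),
                          ("short", b"\x12\x34")]:
        print(name, classify_reply(0x1234, payload))
```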
