Re: IIS instance detection

["5.K1dd" <5.k1dd () austinhackers org>]

Perimiter firewall rules will tell you hosts & ports for external facing
website.  The internal DNS server will give you hosts running internal
facing websites.


> I have a client that needs to deploy security patches for Apache but
> are not 100% sure of which host houses the instance or the ports used
> either.
>
> My question is how can I identify 100%  of the instances effectively
> and reasonably quietly without scanning nearly all of the ports on
> all the hosts?
>
> I thought of pulling the ports enabled from the host based firewall
> solution and scanning these with nmap. But a port could be blocked
> through the firewall and an instance still listening locally although
> not remotely accessible providing the FW is running. These do exist
> for tools run locally and I've seen the FW fail too so want to ensure
> coverage for these also.
>
> I like the idea of using Nessus (which I have) to perform a
> credentialed local scan of the ports listening on the server but I
> think this needs SMB and Admin shares enabled which I don't have.
>
> Is there another way to do this?
>
> Grateful for any ideas.
>
> Regards,
>
> K41zen _______________________________________________ Pauldotcom
> mailing list Pauldotcom () mail pauldotcom com 
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main
> Web Site: http://pauldotcom.com

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com