Penetration Testing mailing list archives

Re: Identifying Machines

From: Blake Frantz <blake () mc net>
Date: Tue, 19 Jun 2001 23:00:52 -0500 (CDT)


If all of your technical efforts fail try calling up the IS manager and
tell him you are performing a survey pertaining to the "technological
awareness of businesses in <insert organizational type here, ie health
care, ISP, bank>" and you would like to know the number of computers they
have.

-Blake

================================================================= 
The Government, like diapers, should be replaced regularly, and
often for the same reasons. 

On Tue, 19 Jun 2001, Crist Clark wrote:

Rick Who Else? wrote:


Let me clarify somewhat. Lets imagine a scenario, of being on a seperate
network of your target network. So sniffing traffic and MAC addresses don't
apply. And you wish to see how many machines on are a certain subnet. So you
wish to scan the entire range of a class C, lets say. ICMP is filtered out.
And some of the machines  may have no ports open.


Scanning to see what machines are there should be trivial. A TCP SYN-scan
(or a variety of more stealthy TCP scans) would do that. More interesting
TCP scans (X-mas, NULL, surprise-ACK, etc.) can give you more hints about 
the OS. Of course, once you get any traffic from the hosts, you can also
look at the IP headers for more clues, TTL, IP ID pattern, DF-bit, etc.

Of course, I am assuming you mean "closed ports" are really closed
ports (return RSTs when tickled) as opposed to filtered, firewalled
TCP ports. If that's the case... good luck. 
-- 
Crist J. Clark                                Network Security Engineer
crist.clark () globalstar com                    Globalstar, L.P.
(408) 933-4387                                FAX: (408) 933-4926

The information contained in this e-mail message is confidential,
intended only for the use of the individual or entity named above.  If
the reader of this e-mail is not the intended recipient, or the employee
or agent responsible to deliver it to the intended recipient, you are
hereby notified that any review, dissemination, distribution or copying
of this communication is strictly prohibited.  If you have received this
e-mail in error, please contact postmaster () globalstar com

Current thread:

Identifying Machines Rick Who Else? (Jun 18)
- Re: Identifying Machines Blake Frantz (Jun 19)
- Re: Identifying Machines Don Tansey (Jun 19)
- Re: Identifying Machines Lance Spitzner (Jun 19)
- <Possible follow-ups>
- Re: Identifying Machines Rick Who Else? (Jun 19)
  - Re: Identifying Machines Jose Nazario (Jun 19)
  - Re: Identifying Machines Crist Clark (Jun 19)
    - Re: Identifying Machines Blake Frantz (Jun 20)
  - Re: Identifying Machines Ryan Russell (Jun 19)
- RE: Identifying Machines Yonatan Bokovza (Jun 19)
- Re: Identifying Machines Jeremy Sanders (Jun 19)
- Re: Identifying Machines Victor A. Rodriguez (Jun 19)