Penetration Testing mailing list archives

Re: [PEN-TEST] Any way to speed up mapping for penetration testing?


From: Andrew Griffiths <andrewg () TASMAIL COM>
Date: Fri, 16 Mar 2001 09:34:25 +1100

Yup there is. Use a tcp ping first. You'll have to find an open/closed port (not filtered) to do this.

Try 80, 113, 25 or whatever.

Oh yeah, a nice trick too is to send a couple of half connections and watch the traffic (icmp) that comes back. You get fragments of their memory in that icmp packet if they include more of the header.

Or send invalid packets. Just hope they aren't filtering outgoing "your packet is stuffed" icmp.

On Thursday, March 15, 2001 at 02:58:31 PM, Penetration Testers wrote:

Am currently working with a customer to map their network prior to
penetration/vulnerability testing using NMap.  Customer doesn't allow Ping
and wants 65000 ports tested.  Since we can't Ping, NMap takes a long time
to test a single host resulting in a very long testing period.  We've tried
setting a time-out value of 30 seconds but end up missing hosts with this
value.  Has anyone had an experience like this and if so, any
recommendations to efficiently map a network without Ping?

thanks

--
www.tasmail.com
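The tcp ping check Andrew describes, as an added Python example that is not part of the original thread: a connect attempt that is accepted (open port) or refused (closed port, RST) both prove the host is up, while silence proves nothing, which is why the probe port must not be filtered. The local listener and the port numbers are constructed for the demo.

```python
import socket


def tcp_ping(host, port, timeout=1.0):
    """Classify one TCP probe as 'open', 'closed' or 'filtered'.

    'open' and 'closed' both mean the host answered (SYN/ACK or RST),
    so either one is enough to mark it alive; 'filtered' means no answer
    or no route, which tells us nothing about whether the host is up.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:   # RST came back: host is alive
        return "closed"
    except OSError:                  # timeout / unreachable: unknown
        return "filtered"
    finally:
        s.close()


def host_is_up(host, ports=(80, 113, 25), timeout=1.0):
    """True as soon as any probe port is accepted or refused."""
    return any(tcp_ping(host, p, timeout) in ("open", "closed") for p in ports)


def local_demo():
    """Constructed demo on 127.0.0.1: a listening socket stands in for an
    open port, a port that was bound and released stands in for a closed one."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    open_port = srv.getsockname()[1]
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    closed_port = tmp.getsockname()[1]
    tmp.close()
    results = {
        "open": tcp_ping("127.0.0.1", open_port),
        "closed": tcp_ping("127.0.0.1", closed_port),
        "up": host_is_up("127.0.0.1", (open_port, closed_port)),
    }
    srv.close()
    return results


if __name__ == "__main__":
    print(local_demo())
```

Against a host whose probe ports are all silently dropped, tcp_ping returns "filtered" for each and host_is_up returns False even if the host is up, which is exactly the gap the original poster hit with a per-host timeout.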