Penetration Testing mailing list archives
Re: [PEN-TEST] Any way to speed up mapping for penetration testing?
From: H D Moore <hdm () SECUREAUSTIN COM>
Date: Thu, 15 Mar 2001 17:17:11 -0600
The method I developed works extremely well:

1. Determine the average RTT to that host via hping or a similar tool. Try sending SYN packets to a port you know is open, or try pinging another host on the same segment, and finally, if that doesn't work, ping their gateway and take that RTT.

2. Take the RTT from above and double it, then pass it to nmap's --max_rtt_timeout option along with a reasonable maximum host timeout (based on number of ports * 2 * RTT).

The nmap scan should take a maximum of 3-5 minutes on a normal ethernet segment. By forcing the max RTT to be double the known value, you keep nmap from taking forever while waiting on responses back from filtered ports. Hard network spikes in the middle of your scan can cause nmap to time out prematurely, so make sure the network isn't being clobbered before you try this.

You also might want to check out SpiderMap, a parallelized nmap scanning script created for this purpose a couple of years ago. You can find a copy on my digital offense web site in the projects section.

-HD
http://www.digitaldefense.net (work)
http://www.digitaloffense.net (play)
http://www.dursec.com (conf)

On Thursday 15 March 2001 01:58 pm, Randy Molen wrote:
> Am currently working with a customer to map their network prior to penetration/vulnerability testing using NMap. Customer doesn't allow Ping and wants 65000 ports tested. Since we can't Ping, NMap takes a long time to test a single host, resulting in a very long testing period. We've tried setting a time-out value of 30 seconds but end up missing hosts with this value. Has anyone had an experience like this and, if so, any recommendations to efficiently map a network without Ping?
>
> Thanks
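The timing rule from the post (max RTT timeout = 2 x RTT, host timeout = ports x 2 x RTT), turned into a small shell helper. This is an added example, not code from the post or from nmap; it assumes a ping summary line as input and uses the underscored option names the post uses (current nmap spells them --max-rtt-timeout and --host-timeout).

```shell
#!/bin/sh
# Added example (not from the original post): derive nmap timeout values
# from a measured average RTT, following the rule given in the post:
#   max rtt timeout = 2 * RTT
#   host timeout    = ports * 2 * RTT
# Option names below are the underscored ones used in the post.

# Pull the average RTT (ms) out of a ping summary line such as
#   rtt min/avg/max/mdev = 0.412/0.523/0.891/0.120 ms
# Also matches the BSD/macOS "round-trip min/avg/max/stddev" form.
avg_rtt_ms() {
    printf '%s\n' "$1" | awk -F'[ =/]+' '/min\/avg\/max/ { print $(NF-3); exit }'
}

# Ceiling of a decimal millisecond value (with float tolerance), so the
# result is never rounded *below* the intended multiple of the RTT.
ceil_ms() {
    awk -v t="$1" 'BEGIN { printf "%d\n", int(t + 0.999999) }'
}

# max_rtt_timeout in ms: double the measured RTT.
max_rtt_timeout_ms() {
    ceil_ms "$(awk -v r="$1" 'BEGIN { print r * 2 }')"
}

# host_timeout in ms: ports * 2 * RTT (each probe may wait up to max rtt).
host_timeout_ms() {
    ceil_ms "$(awk -v p="$1" -v r="$2" 'BEGIN { print p * 2 * r }')"
}

# Build the nmap timing arguments for PORTS ports from a ping summary line.
nmap_timing_args() {
    ports=$1
    rtt=$(avg_rtt_ms "$2")
    [ -n "$rtt" ] || { echo "no RTT found in ping output" >&2; return 1; }
    printf '%s %s %s %s\n' --max_rtt_timeout "$(max_rtt_timeout_ms "$rtt")" \
        --host_timeout "$(host_timeout_ms "$ports" "$rtt")"
}

# Constructed sample ping summary for a LAN host; 65000 ports as in the question.
SAMPLE_PING='rtt min/avg/max/mdev = 0.412/0.523/0.891/0.120 ms'
nmap_timing_args 65000 "$SAMPLE_PING"
```

For the constructed 0.523 ms RTT this yields a 2 ms max RTT timeout and a host timeout of about 68 seconds, which is why the post warns that a network spike mid-scan can trip the timeout early.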