Penetration Testing mailing list archives

Re: How to portscan a Class B effectively

From: batz <batsy () vapour net>
Date: Mon, 3 Jun 2002 17:06:19 -0400 (EDT)

On Mon, 3 Jun 2002, RT wrote:

:Here's the PERL script:

Handy script, but can be limited by aggregation, which is pretty common
at exchange points. 

A more thorough method is to use hping or traceroute with the ttl set within
1 or two hops of the destination, and sample address ranges using the
beginnings of CIDR blocks from /24 to /29's. This should flush out 
the routers, and then you will generally find clusters of contiguous
address space around each router. 

Hping is handy b/c you can use udp/53 and be mostly innocuous, as few
people ever corelate icmp unreachable alerts from their IDS, even
though it is the best way to catch someone firewalking. 

--
batz


----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Current thread:

faster scans? (nmap) wirepair (Jun 03)
- Re: faster scans? (nmap) Matt Selsky (Jun 03)
- RE: faster scans? (nmap) Ozan Gonenc (Jun 03)
  - Re: faster scans? (nmap) wirepair (Jun 03)
    - Re: faster scans? (nmap) Andreas Junestam (Jun 04)
    - Re: faster scans? (nmap) Gregory Duchemin (Jun 04)
- Re: faster scans? (nmap) Michael Starr (Jun 03)
  - How to portscan a Class B effectively RT (Jun 03)
    - Re: How to portscan a Class B effectively batz (Jun 03)
  - Re: faster scans? (nmap) Yann Berthier (Jun 03)
- Re: faster scans? (nmap) Anders Thulin (Jun 04)
- <Possible follow-ups>
- Re: faster scans? (nmap) miguel . dilaj (Jun 03)
- RE: faster scans? (nmap) Steve Maks (Jun 03)
  - Re: faster scans? (nmap) Yann Berthier (Jun 03)
- RE: faster scans? (nmap) JLETOUX (Jun 04)
  - Re: faster scans? (nmap) Gregory Duchemin (Jun 04)