Penetration Testing mailing list archives
RE: Scanning Class A network
From: "Kyle Starkey" <kstarkey () siegeworks com>
Date: Mon, 24 Oct 2005 12:57:43 -0600
While this is a rather rough requirement the simple math is astronomical ((65535 port * 2) * .001 sec/port) (16,277,214 hosts per class A) = 68 YEARS to complete the scan... Figuring one host with one process running... Now figure 20 hosts running 20 scan instances at one time it ends up STILL taking you over 60 days just to complete the scan and this DOESN'T include vulnerability info... So you now have all this data how do you make sense of it...

There are some good solutions to this problem that will be much more secure and give a way more understandable picture of what the security of this network looks like.

Install a distributed scanner across the network and segment the networks into easily scannable sections by geography and network type. This will allow you to speed up the scanning because a scanner inside an access controlled network can use icmp to discover all the hosts before beginning the exhausting task of enumerating all 130,000 ports. I like nCircle's IP360 product to do this, but it could be done with nmap on small boxes sending output back to a central server.

Grab router and firewall configuration information for the whole network and virtualize the network using Skybox software. Skybox allows you to make a virtual map of your entire network including all its access control and routing components, as well as run virtual attacks from any location both inside and outside of this network.

Import the port data into skybox and run an attack virtualization from the INTERNET perspective. Once you have all this information into Skybox you will KNOW what is available to the INTERNET as well as having a better understanding of the STATE of network security on the entire CLASS A. While skybox really is a risk management suite and more built to allow corporations to manage risk as it is seen relative to corporate assets it would handle this problem extremely well.
Then you could as an added bonus be able to categorize security by RISK and not by which vulnerability is the highest on some made up scale.

Please be aware this is the short hand version of what could easily end up being a 10 page document on vuln scanning and its usefulness to the corporate security team versus risk management and its use to the company as a whole.... If anyone wants to get into that discussion offline drop me an email, but I am not sure it REALLY meets the terms of use for this forum...

-Kyle

Kyle R. Starkey
Senior Security Consultant
CISSP # 31718
Siegeworks LLC
Email: kstarkey () siegeworks com
Cell: 435-962-8986

-----Original Message-----
From: tarunthenut () gmail com [mailto:tarunthenut () gmail com]
Sent: Monday, October 24, 2005 6:33 AM
To: pen-test () securityfocus com
Subject: Scanning Class A network

Hello All,

Recently I was given a task to carry out a port scan of an entire valid Class A range (Don't ask me what the huge pool of valid IP's was for :) ). The scan needed to be carried out externally, and not from within the network to identify hosts and ports exposed to the Internet. The problem compounded because of the following limitations:

1. ICMP was not allowed in the network
2. The IP range was to be scanned every month for the entire port range from 1-65535 for TCP & UDP

After searching for a suitable scanner which could scan such a large range in reasonable time, I could think of only nmap, nessus, superscan and ISS. But because of the limitations stated above, all the tools took a huge amount of time (ran into months).
I have struggled with options within the tools, tried configurable parameters (host time out, parallelism, RTT etc) and divided into smaller class C networks and scanned, but still the scan seems to take ages even if it is

Any advice would be welcome :)

Cheers
tarunthenut

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------
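The reply above suggests running nmap on small per-segment boxes that send their output back to a central server, and the original request is for a monthly re-scan. The following is an added example, not code from either poster: it merges nmap grepable (`-oG`) output from several scanners into one inventory and lists ports that are newly open since the previous month. The scanner names, addresses (documentation ranges) and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample -oG output, keyed by hypothetical scanner name.
SCANNER_OUTPUT = {
    "scanner-east": (
        "# Nmap scan initiated (constructed sample)\n"
        "Host: 192.0.2.10 ()\tStatus: Up\n"
        "Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, "
        "80/open/tcp//http///, 161/open|filtered/udp//snmp///\n"
        "Host: 192.0.2.11 ()\tPorts: 443/open/tcp//https///, "
        "8080/closed/tcp//http-proxy///\n"
    ),
    "scanner-west": (
        "Host: 198.51.100.5 ()\tPorts: 25/open/tcp//smtp///, "
        "53/open/udp//domain///\n"
        "Host: 192.0.2.10 ()\tPorts: 80/open/tcp//http///, "
        "3389/open/tcp//ms-wbt-server///\n"
    ),
}

HOST_RE = re.compile(r"^Host: (\S+) ")

def parse_grepable(text):
    """Yield (ip, port, proto, service) for ports reported exactly 'open'."""
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # comment lines and anything that is not a Host record
        for field in line.split("\t"):
            if not field.startswith("Ports: "):
                continue
            for entry in field[len("Ports: "):].split(", "):
                # Entry layout: port/state/protocol/owner/service/rpc/version/
                parts = entry.strip().split("/")
                if len(parts) >= 5 and parts[1] == "open":
                    yield m.group(1), int(parts[0]), parts[2], parts[4]

def merge(outputs):
    """Central-server view: {ip: {(port, proto): service}} over all scanners."""
    inventory = defaultdict(dict)
    for text in outputs.values():
        for ip, port, proto, service in parse_grepable(text):
            inventory[ip][(port, proto)] = service
    return dict(inventory)

def new_exposures(previous, current):
    """Ports open in this month's inventory that were absent last month."""
    return sorted((ip, port, proto) for ip, ports in current.items()
                  for (port, proto) in ports if (port, proto) not in previous.get(ip, {}))
```

Ports reported as `open|filtered` (common for UDP) are deliberately left out of the inventory here; treat them as a separate follow-up list rather than confirmed exposure.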
Current thread:
- Scanning Class A network tarunthenut (Oct 24)
- Re: Scanning Class A network Kurt (Oct 24)
- Re: Scanning Class A network David Eduardo Acosta Rodríguez (Oct 24)
- Re: Scanning Class A network robert (Oct 24)
- Re: Scanning Class A network Mike Jones (Oct 24)
- Re: Scanning Class A network Justin (Oct 24)
- Re: Scanning Class A network Chris Byrd (Oct 24)
- Re: Scanning Class A network Matt Bellizzi (Oct 24)
- RE: Scanning Class A network Kyle Starkey (Oct 24)
- Re: Scanning Class A network Satanic.Brain (Oct 24)
- Re: Scanning Class A network R. DuFresne (Oct 24)
- Re: Scanning Class A network Steve Micallef (Oct 24)
- Re: Scanning Class A network Volker Tanger (Oct 24)
- RE: Scanning Class A network Talisker (Oct 25)
- Re: Scanning Class A network Adam Jones (Oct 26)
- RE: Scanning Class A network Brian Loe (Oct 26)
- <Possible follow-ups>
- Re: Scanning Class A network barcajax (Oct 24)
- RE: Scanning Class A network Jarmon, Don R (Oct 24)
- RE: Scanning Class A network Mike Thompson (Oct 24)
(Thread continues...)