Penetration Testing mailing list archives

Re: Difficulties in Network Mapping & port scanning


From: Petr.Kazil () eap nl
Date: Fri, 13 Jan 2006 21:06:47 +0100

Inspiring description by Pete! I will look more into Unicornscan.

Pete Herzog <lists () isecom org> wrote on 04-01-2006 15:06:00:

It's basically: construct packet, record construct, send packets, and 
record response. Modify and retry. Correlate.

However I sympathize with the original poster (David). Over the years 
firewalls have gotten better and most of the techniques that used to work 
(TTL-tweaking etc.) don't seem to work anymore. Running a sniffer along 
with the scan is good practice, but usually doesn't produce much of value.

What works surprisingly well is scanning the IP-range in Google. I've 
written a simple script that will query Google for addresses in a range 
from (let's say) 10.0.0.1 to 10.0.0.255. This usually yields the addresses 
of outgoing proxies that would be invisible in a normal scan. Most often 
it's not possible to do anything useful with this information, but most 
clients are amused: "You discovered all our systems and even some that 
don't exist anymore!" :-)
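The range-to-search idea from the post, as an added example that is not Petr's script and not part of the original message. It enumerates every address in a range and correlates it against a body of text, which is what such a script has to do once the search results come back; the "documents" here are constructed sample snippets so it runs offline, and no search engine is queried. The defender's use is the same inventory: which addresses of your own range are referenced in public material, including hosts that no longer exist. The one pitfall worth showing is matching: a naive substring check reports 10.0.0.1 inside 10.0.0.10 or 110.0.0.1, so the matcher below uses lookarounds and validates each literal.

```python
import ipaddress
import re

# Constructed sample "documents", standing in for the text of search-engine hits.
SAMPLE_DOCUMENTS = {
    "proxy-setup.html": "Set your outgoing proxy to 10.0.0.12:3128 (old one was 10.0.0.7).",
    "mail-howto.txt": "SMTP relay at 10.0.0.100 is no longer in service.",
    "unrelated.txt": "Numbers like 10.0.0.1000 or 110.0.0.12 must not match the range.",
}


def addresses_in_range(first: str, last: str):
    """Yield every IPv4 address from first to last, inclusive."""
    start = ipaddress.IPv4Address(first)
    end = ipaddress.IPv4Address(last)
    if end < start:
        raise ValueError("range end precedes range start")
    # summarize_address_range splits the span into CIDR blocks; iterating
    # each block yields all of its addresses, network and broadcast included.
    for net in ipaddress.summarize_address_range(start, end):
        yield from net


# Lookarounds reject a digit or dot on either side, so 10.0.0.1 is not
# reported inside 10.0.0.10, 110.0.0.1 or 10.0.0.1000.
IPV4_LITERAL = re.compile(r"(?<![\d.])((?:\d{1,3}\.){3}\d{1,3})(?![\d.])")


def ip_literals(text: str):
    """Return the distinct, syntactically valid IPv4 literals found in text."""
    found = set()
    for match in IPV4_LITERAL.finditer(text):
        try:
            found.add(ipaddress.IPv4Address(match.group(1)))
        except ValueError:  # an octet above 255, e.g. 10.0.0.999
            continue
    return found


def find_range_in_documents(first: str, last: str, documents: dict):
    """Map each in-range address (as a string) to the documents mentioning it."""
    wanted = set(addresses_in_range(first, last))
    hits = {}
    for name, text in documents.items():
        for addr in sorted(ip_literals(text) & wanted):
            hits.setdefault(str(addr), []).append(name)
    return hits


if __name__ == "__main__":
    for addr, docs in find_range_in_documents("10.0.0.1", "10.0.0.255", SAMPLE_DOCUMENTS).items():
        print(f"{addr:15} referenced in {', '.join(docs)}")
```

In a real run the text of each search result page would take the place of SAMPLE_DOCUMENTS; the enumeration and the validated matching stay the same.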
