Penetration Testing mailing list archives

Re: Discovering Live Hosts


From: "rajat swarup" <rajats () gmail com>
Date: Wed, 8 Aug 2007 02:22:52 -0400

On 8/8/07, rajat swarup <rajats () gmail com> wrote:
On 8/8/07, Nikhil Wagholikar <visitnikhil () gmail com> wrote:

Thanks for your suggestion. However, as I said earlier, "if SMTP is
configured on port 26 instead of the traditional port 25, then it would
add a twist to this situation". Hence your suggested method would
still leave some hosts down. Can you kindly further granularize your
suggestion?

But it would turn up with port 25 as "closed", which still shows that
the host is alive.

If you are trying to reach hosts in a DMZ and the firewall filters
everything but port 25 in your given scenario, then I do admit that
it'll fail. But if you want to be so thorough as to not miss even
a single port, then there's no other option but to go with a full port
scan:
nmap -sS -p- -P0 -iL <file_containing_ips>

But generally speaking, DMZs could allow 80, 25 (or in this scenario
26), 443. And if you checked for 80, 443 it would show up as
closed, so technically you did enumerate a live host.

HTH,
-- 
Rajat Swarup

http://rajatswarup.blogspot.com/
