Penetration Testing mailing list archives
Re: Discovering Live Hosts
From: "Vivek P" <iamherevivek () gmail com>
Date: Wed, 8 Aug 2007 12:27:55 +0530
Hi John, Nikhil

Whatever u call it, it is to learn about the network! We all are here for the same purpose of learning no matter what u call it ;-)

Nikhil, this is what i do!

1. scan the n/w for services
   nmap -0 it for the whole port range (specify so that nmap is not taking just its favourite) [-p0-9999]
   if there is some kind of banner reported it means the host is alive else dead! if alive u continue with what u want! else if they manage to firewall that!
2. run a batch file which calls a c program which sends null value packet to all ports! (customized code from codeproject.net). If the stupid machine is alive/dead!
3. I have not got a negative for these two approaches, either of these have succeeded till date!

ps: there are some honeypots & IPS which fool around, it is not for those brothers, we need to implement evasive stuff in front of these methods to eliminate them :-)

i think this might be of some use!

thanx
-------------------------------------------
Vivek P Nair
Vice President Technology
Appin Group Of Companies
Appin Security Group
Module III TBIU
IIT DELHI
Hauz Khaus
New delhi
India
www.appinlabs.com
vivek.p () appinlabs com
+919910924675

We explore... and you call us criminals. We seek after knowledge... and you call us criminals. We exist without skin color, without nationality, without religious bias... and you call us criminals. You build atomic bombs, you wage wars, you murder, cheat, and lie to us and try to make us believe it's for our own good, yet we're the criminals.
Yes, I am a criminal. My crime is that of curiosity. My crime is that of judging people by what they say and think, not what they look like.
I am a hacker, and this is my manifesto. You may stop this individual, but you can't stop us all!

On 8/8/07, John M. Martinelli <john () martinelli com> wrote:
> Since when? If I'm auditing an intrusion detection system on my LAN, I
> would consider that I'm penetration testing, not performing a
> vulnerability assessment.
>
> Regards,
> John Martinelli
> RedLevel.org Security
>
> On Aug 8, 2007, at 2:04 AM, Nikhil Wagholikar wrote:
>> Hello Jure,
>>
>> Performing scans from within target LAN is called Vulnerability
>> Assessment, and doing the same thing from other LAN or outside IP
>> Address/Addresses is called Penetration Testing.
>>
>> I have clearly mentioned that the scenario is applicable for Pen-Testing.
>> Kindly suggest the same answer from Pen-Testing point of view.
>>
>> Thanks for your suggestion. This suggestion will be useful for
>> Vulnerability Assessors.
>>
>> ---
>> Nikhil Wagholikar
>> Information Security Analyst
>>
>> On 8/8/07, Jure Krasovic <jure.krasovic () lusp com> wrote:
>>> Nikhil Wagholikar wrote:
>>>> Hello List,
>>>>
>>>> I need some suggestions and inputs from all Pen-testers around the
>>>> world on this issue.
>>>
>>> Hello Nikhil,
>>>
>>> if you are on the same LAN as machines you do pentest, you should try
>>> arpping.
>>>
>>> Regards
>>> Jure

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------
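Seen from the receiving side, the whole-port-range sweep and the empty-payload probes described in the message above show up as one source touching many distinct ports on one destination in a short time. The following is an added example, not part of the original thread, of that detection logic; the log format, addresses, threshold and window are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

BASE = datetime(2007, 8, 8, 12, 0, 0)

def _line(ms, src, dst, dport, plen):
    return f"{(BASE + timedelta(milliseconds=ms)).isoformat()} {src} {dst} {dport} {plen}"

# Constructed sample log (hypothetical format: time src dst dport payload_len).
SAMPLE_LOG = (
    # ordinary client traffic to a web server
    [_line(500 * i, "10.0.0.5", "10.0.0.20", (80, 443)[i % 2], 300) for i in range(20)]
    # one source walking ports 0-149 with empty payloads, 100 ms apart
    + [_line(100 * i, "10.0.0.66", "10.0.0.20", i, 0) for i in range(150)]
)

def find_port_sweeps(lines, min_ports=100, window=timedelta(seconds=60)):
    """Map (src, dst) -> (distinct ports, empty-payload probes) for the busiest
    window of each pair that reached min_ports distinct ports within `window`."""
    events = defaultdict(list)
    for line in lines:
        ts, src, dst, dport, plen = line.split()
        events[(src, dst)].append((datetime.fromisoformat(ts), int(dport), int(plen)))
    hits = {}
    for pair, evs in events.items():
        evs.sort()
        start, best = 0, (0, 0)
        for end in range(len(evs)):
            # slide the window start forward until it spans at most `window`
            while evs[end][0] - evs[start][0] > window:
                start += 1
            in_window = evs[start:end + 1]
            ports = {port for _, port, _ in in_window}
            if len(ports) > best[0]:
                best = (len(ports), sum(1 for _, _, n in in_window if n == 0))
        if best[0] >= min_ports:
            hits[pair] = best
    return hits

if __name__ == "__main__":
    for (src, dst), (ports, empty) in find_port_sweeps(SAMPLE_LOG).items():
        print(f"{src} -> {dst}: {ports} distinct ports, {empty} empty probes")
```

The window and threshold have to be tuned together: the same sample is not flagged when the window is shortened to five seconds, because only 51 of the probed ports fall inside it.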
Current thread:
- Discovering Live Hosts Nikhil Wagholikar (Aug 07)
- Re: Discovering Live Hosts rajat swarup (Aug 07)
- Re: Discovering Live Hosts Nikhil Wagholikar (Aug 07)
- Re: Discovering Live Hosts rajat swarup (Aug 07)
- Re: Discovering Live Hosts rajat swarup (Aug 07)
- Re: Discovering Live Hosts pand0ra (Aug 08)
- Re: Discovering Live Hosts Nikhil Wagholikar (Aug 07)
- Re: Discovering Live Hosts rajat swarup (Aug 07)
- Re: Discovering Live Hosts Jure Krasovic (Aug 07)
- Re: Discovering Live Hosts Nikhil Wagholikar (Aug 07)
- Re: Discovering Live Hosts John M. Martinelli (Aug 07)
- Re: Discovering Live Hosts Vivek P (Aug 08)
- Re: Discovering Live Hosts Lee Lawson (Aug 08)
- Re: Discovering Live Hosts Nikhil Wagholikar (Aug 07)
- Re: Discovering Live Hosts rajat swarup (Aug 08)
- Re: Discovering Live Hosts Sat Jagat Singh (Aug 08)
- <Possible follow-ups>
- Re: Discovering Live Hosts Dan Catalin Vasile (Aug 08)
- Re: Discovering Live Hosts rajat swarup (Aug 08)
- Re: Discovering Live Hosts Fabrizio (Aug 08)