Penetration Testing mailing list archives

Re: Discovering Live Hosts


From: pand0ra <pand0ra.usa () gmail com>
Date: Wed, 8 Aug 2007 01:01:44 -0600

Yes, but port 26 will respond (usually with a banner) and obviously you
would be able to connect to it. You also have to think about how likely
this will be, as (maybe I am talking out my arse) I have not seen anyone
change the default port for SMTP. I'm not saying that this is not
(im)possible or (im)probable.

If you have the time and you are trying to discover all of the hosts
in a range I would use the nmap line that rajat supplied. Depending on
how many addresses there are (and your connection) it could take a
while but if there are any services running you should find them.

You could also start by doing a zone transfer (if it is not
restricted) or other DNS checks. Netcraft might also have something
interesting.

Nikhil -
"Performing scans from within target LAN is called Vulnerability
Assessment, and doing the same thing from other LAN or outside IP
Address/Addresses is called Penetration Testing." You may want to
refer to Wikipedia on the differences between a Vulnerability
Assessment and a penetration test. I've provided the links below.

"A penetration test is a method of evaluating the security of a
computer system or network by simulating an attack by a malicious
user, commonly known as a hacker."
http://en.wikipedia.org/wiki/Penetration_test

"Vulnerability assessment is the process of identifying and
quantifying vulnerabilities in a system."
http://en.wikipedia.org/wiki/Vulnerability_assessment

Good luck.

On 8/7/07, Nikhil Wagholikar <visitnikhil () gmail com> wrote:
Hello Rajat,

Thanks for your suggestion. However, as I said earlier, "if suppose SMTP is
configured on port 26 instead of the traditional port 25, then it would
add a twist to this situation". Hence your suggested method would
still leave some hosts down. Can you kindly further granularize your
suggestion?
Thanks once again.

--
Nikhil Wagholikar
Information Security Analyst

On 8/8/07, rajat swarup <rajats () gmail com> wrote:
On 8/7/07, Nikhil Wagholikar <visitnikhil () gmail com> wrote:


Can anyone kindly guide me as to how to find live IP addresses from a
given pool of IP addresses (a range of IP addresses) with as few false
positives as possible and as quickly as possible? Is there any tool out
there (no matter whether shareware or freeware) which focuses on finding
live IP addresses from a pool of IP addresses?

Hi Nikhil,
I would choose some 40-50 odd of the most commonly used ports and perform a
SYN stealth scan only on those ports with -sS -P0 (e.g.,
21,22,23,25,53,80,443,3389,9000 etc.).
I'd also do a ping scan.
Now there are 4 possibilities:
1. A host responds to ping
2. A host responds with an open port
3. A host responds with a closed port
4. A host has a resolved DNS name
In each of the four cases you come to know the host is alive.

HTH,
Rajat.
--
Rajat Swarup

http://rajatswarup.blogspot.com/


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------
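The discovery procedure Rajat lays out in the quoted reply (a ping sweep plus a SYN scan of a fixed list of common ports, then treating a ping reply, an open port, a closed port or a resolved name as evidence that the host is up), as an added example that is not code from any of the posters. It builds the two nmap command lines (using -Pn, the current spelling of the -P0 option mentioned above) and classifies hosts from nmap's grepable -oG output. The port list is an assumption (a short sample, not a tuned top-N list), the scan output below is constructed by hand rather than captured, and the script never invokes nmap, so it runs offline. It also keeps Nikhil's objection visible: an address whose only service is on an unlisted port such as 26 and which does not answer the ping sweep ends up with no evidence and is not reported, and a name-only hit is flagged as unconfirmed, since a stale PTR record alone does not show that a host is up.

```python
"""Host discovery from a ping sweep plus a SYN scan of common ports.

Added example, not code from any of the posters.  Assumptions: COMMON_PORTS
is a short illustrative list (not a tuned top-N), and the -oG text at the
bottom is constructed by hand, not captured from a real scan."""
import re

# Assumption: a small sample of commonly used TCP ports, in the spirit of the
# 40-50 suggested in the thread.  Anything listening elsewhere (SMTP on 26,
# say) is invisible to the SYN scan and only found if it answers the ping sweep.
COMMON_PORTS = [21, 22, 23, 25, 53, 80, 110, 135, 139, 143, 443, 445,
                993, 995, 1433, 3306, 3389, 8080, 9000]


def build_commands(target, prefix="sweep"):
    """Return the two nmap invocations as strings: a ping sweep, then a SYN
    scan of COMMON_PORTS with host discovery disabled (-Pn, formerly -P0).
    -sS needs raw-socket (root) privileges."""
    ports = ",".join(str(p) for p in COMMON_PORTS)
    ping_sweep = f"nmap -sn -oG {prefix}-ping.gnmap {target}"
    syn_scan = f"nmap -sS -Pn -p {ports} -oG {prefix}-syn.gnmap {target}"
    return [ping_sweep, syn_scan]


# Grepable lines look like "Host: 10.0.0.1 (name)<TAB>Status: Up" or
# "Host: 10.0.0.1 (name)<TAB>Ports: 22/open/tcp//ssh///, ...".
HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)\s*(.*)$")
PORT_RE = re.compile(r"(\d+)/([a-z|]+)/(tcp|udp)")


def parse_gnmap(text, from_ping_sweep=False):
    """Map each address in grepable output to the set of liveness evidence
    found for it: 'ping', 'open-port', 'closed-port', 'dns-name'."""
    evidence = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue                      # "# Nmap ..." comment lines
        ip, name, rest = m.groups()
        ev = evidence.setdefault(ip, set())
        if name:
            ev.add("dns-name")            # nmap resolved a reverse name
        # With -Pn nmap marks every address "Status: Up", so that field
        # only carries information in the ping sweep.
        if from_ping_sweep and "Status: Up" in rest:
            ev.add("ping")
        for _port, state, _proto in PORT_RE.findall(rest):
            if state == "open":
                ev.add("open-port")
            elif state == "closed":
                ev.add("closed-port")     # a RST came back: something is there
    return evidence


# Evidence that a packet actually came back from the address.
STRONG = {"ping", "open-port", "closed-port"}


def live_hosts(ping_text, syn_text):
    """Merge both scans.  Returns {ip: {"evidence": [...], "confirmed": bool}}
    for every address with at least one kind of evidence; 'confirmed' is
    False when the only evidence is a DNS name."""
    merged = parse_gnmap(ping_text, from_ping_sweep=True)
    for ip, ev in parse_gnmap(syn_text).items():
        merged.setdefault(ip, set()).update(ev)
    return {ip: {"evidence": sorted(ev), "confirmed": bool(ev & STRONG)}
            for ip, ev in merged.items() if ev}


# Constructed -oG output for a /29 (not a real scan).  10.0.0.4 answers
# nothing on the listed ports and has no name; a host running SMTP only on
# port 26 that ignores the ping probes would look exactly like this.
PING_SWEEP = """# Nmap ping sweep (constructed)
Host: 10.0.0.1 (gw.example.test)\tStatus: Up
Host: 10.0.0.5 ()\tStatus: Up
# Nmap done
"""
SYN_SCAN = """# Nmap SYN scan with -Pn (constructed)
Host: 10.0.0.1 (gw.example.test)\tStatus: Up
Host: 10.0.0.1 (gw.example.test)\tPorts: 22/open/tcp//ssh///, 443/open/tcp//https///\tIgnored State: filtered (17)
Host: 10.0.0.2 ()\tStatus: Up
Host: 10.0.0.2 ()\tPorts: 25/closed/tcp//smtp///\tIgnored State: filtered (18)
Host: 10.0.0.3 (mail.example.test)\tStatus: Up
Host: 10.0.0.3 (mail.example.test)\tIgnored State: filtered (19)
Host: 10.0.0.4 ()\tStatus: Up
Host: 10.0.0.4 ()\tIgnored State: filtered (19)
Host: 10.0.0.5 ()\tStatus: Up
Host: 10.0.0.5 ()\tPorts: 80/open/tcp//http///\tIgnored State: filtered (18)
# Nmap done
"""

if __name__ == "__main__":
    for cmd in build_commands("10.0.0.0/29"):
        print(cmd)
    for ip, info in sorted(live_hosts(PING_SWEEP, SYN_SCAN).items()):
        print(ip, "confirmed" if info["confirmed"] else "NAME ONLY", info["evidence"])
```

Run against real output, point live_hosts() at the two .gnmap files the printed commands write. Filtered ports are deliberately not counted as evidence: a filtered result means nothing came back, which is the same thing you see for an empty address.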


