Penetration Testing mailing list archives

RE: Discovering hosts using UDP services


From: "Alex Eden" <Alex.Eden () senet-int com>
Date: Thu, 4 Sep 2008 17:09:47 -0400

Onesixtyone is pretty fast and accurate...

DNSSCAN - I'm trying to compile right now - supposedly it's able to scan
whole networks for dns servers...

What about amap? It's not very elegant, but works for me. I don't have an
nmap-generated host file, so I do (in csh):

foreach i ("`cat target.hosts.txt`")
amap -u $i 53 >> DNS.servers.txt
end

For host input you can use an nmap-generated hosts file, but for output you
would still need to touch a file and append. Amap has a "-o" option, which is
not done right.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of Gleb Paharenko
Sent: Thursday, September 04, 2008 3:33 PM
To: pen-test () securityfocus com
Subject: Discovering hosts using UDP services

Dear list.

Often UDP port scanning, say with nmap -sU -pPort1,Port2,.., does not
give results, as UDP services tend not to respond to malformed
packets. At the same time, utilities which send good packets get
results and allow enumerating hosts on the net. For example,
ike-scan usually gives you the VPN endpoints, while nmap will not be
able to do this. Another example: a DNS server will not respond to an
nmap UDP packet, but will respond to a good DNS query.

I'm looking for tools which will allow me to enumerate:
 - dns  53
 - snmp discover 161
 - windows discovery (135,139,138,445,137)
 - ntp discovery 123
 - ms sql 1434


I'm interested in your thoughts about advanced discovery techniques as well.

-- 
Best regards.
Gleb Pakharenko.
http://gpaharenko.livejournal.com
http://www.linkedin.com/in/gpaharenko

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Top 5 Common Mistakes in 
Securing Web Applications
Get 45 Min Video and PPT Slides

www.cenzic.com/landing/securityfocus/hackinar
------------------------------------------------------------------------
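
The point made in the original message above (a DNS server stays silent on a malformed UDP probe but answers a well-formed query), shown as an added example that is not part of either post. The function names, the query name example.com, the transaction ID and the sample reply are assumptions made for illustration.

```python
import socket
import struct

TXID = 0x1234  # constructed transaction ID, used to match reply to query


def build_dns_query(name="example.com", txid=TXID):
    """Build a well-formed DNS query: one question, type A, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, QDCOUNT=1
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", 1, 1)


def is_dns_response(data, txid=TXID):
    """True if data is a DNS reply to our query. Any RCODE counts:
    REFUSED or SERVFAIL still proves a DNS service is listening."""
    if len(data) < 12:  # shorter than a DNS header
        return False
    rid, flags = struct.unpack("!HH", data[:4])
    return rid == txid and bool(flags & 0x8000)  # QR bit set = response


def probe(host, port=53, timeout=2.0):
    """Send one valid query to a single host; True if a DNS reply returns."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))  # only accept datagrams from this peer
            s.send(build_dns_query())
            data = s.recv(512)
        except OSError:  # timeout or ICMP port unreachable
            return False
    return is_dns_response(data)


# Constructed sample reply: same ID, QR=1, RD=1, RCODE=5 (REFUSED),
# echoing the question section of the query.
SAMPLE_REFUSED = (struct.pack("!HHHHHH", TXID, 0x8105, 1, 0, 0, 0)
                  + build_dns_query()[12:])

if __name__ == "__main__":
    print("query bytes:", build_dns_query().hex())
    print("REFUSED reply counts as DNS:", is_dns_response(SAMPLE_REFUSED))
    print("empty payload counts as DNS:", is_dns_response(b""))
```

A reply with an error RCODE still identifies the host as a DNS server, which is why the check looks only at the transaction ID and the QR bit.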

