Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: TR: Mapping Class A network ( any easy trick?)

from [Vicente Feito] Network Security [Permanent Link]
Subject: Re: TR: Mapping Class A network ( any easy trick?)
Date: Mon, 21 Feb 2005 23:48:02 +0000 
I keep reading the same mistake over and over, not talking about this 
particular message, but about something most admins do, they start flooding 
the network with nmap and trying to do a broadcast scan, that's insane, they 
do nmap -sS -p1-65535 x.x.x.x/24 or something like that, I don't mean to 
critizice, but I'm my opinion, what I do if I need something like this, is 
first, just find out what hosts are up, something like nmap -sP <whatever>
Or even a perl script to test this kind of things, then store those ip's in an 
array and run a scan on those specific ip's, do this with a little class C 
subnet and compare both methods, you'll see the big difference involved.
Let the flames begin?
Vicente.

On Friday 18 February 2005 12:02 pm, Bénoni MARTIN wrote:

I worked in a finantial institution where I had around 65 000 000 of 

potential IP adresses. I mean "potential" IP adresses: many of them where 
empty, others with just a couple of machines, and very few had all the IP 
adresses given to physical machines.


To scan this (there wer actually just classes C), it took me 5 days & nights 

for covering all the IP adresses, and we were just nmaping (simple nmap -sS) 
all of these IP adresses.


Just notice that this tuming depends a lot on the traffic on your subnets: 

the more traffic there is, the slower will be your scans ... ;)


-----Message d'origine-----
De : Tim [mailto:tim-pentest@sentinelchicken.org]
Envoyé : jeudi 10 février 2005 03:38
À : Moonen, Ralph
Cc : pen-test@securityfocus.com
Objet : Re: Mapping Class A network ( any easy trick?)


Apart from the timing issues (I agree totally) I still think that you 
cannot call nmap+nbtstat or nmap+nessus or whatever combinatioin 
'penetration testing'. To me that is Vulnerability Analysis. VA on a 
class A is tricky enough. Pentesting (ie attempted exploitation of all 
discovered vulenrabilities) on a full class A is extremely difficult.
Impossible for 1 man and his laptop, given average population of 
networks.


Of course not.  I was merely trying to provide some information on what it 

takes to actually scan that many IPs.  Our scan only consisted of OS 
fingerprinting, about 20 TCP and 20 UDP ports scanned, and a quick nbtscan 
query.  This would be enough information to map a network where one truly 
doesn't know what is out there, but by no means is it a "penetration test".  
Just the first step (in some situations).


tim
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Cryptocard database, Kurt Seifried
Next by Date:  DB2 - SQL Injection, Andres Molinetti
Previous by Thread:  TR: Mapping Class A network ( any easy trick?), Bénoni MARTIN
Next by Thread:  Re: TR: Mapping Class A network ( any easy trick?), James Riden
Indexes:  [Date] [Thread] [Top] [All Lists]