Re: faster scans? (nmap)

From: Andreas Junestam (andreas@atstake.com)
Date: Tue Jun 04 2002 - 03:57:29 EDT


Hi,

there is one more way to do this, but it assumes the machine to listen
on at least one well-known port. Do a SYN sweep (fscan is easy to use
for this if you're stuck under windows) of the entire class B, but only
scan for 10-20 well-known ports and without pinging, such as ftp, ssh,
telnet, dns, http, finger, fw-1 ports, netbios, rpcportmap, https,
ldap, cisco ports and so on. This will not take more than 10-20 sec
per host. When you have pinned down most machines with this (and maybe
combined with an ordinary ping sweep), just hit all found machines with
a full-blown nmap scan.

/andreas

wirepair wrote:
>
> Thanks for the responses:
> - The -PT option is great, if you know the host is
> listening on that specific port, otherwise it's kind of
> useless. Remember a firewall is most likely sitting
> in front intercepting these packets, if the IP does not
> exist the firewall's going to drop (and not send a rst) the
> packet. This gives us no information to work from heh.
> - The -T Insane (5) -T Aggressive (4) Options don't
> exactly help either, Insane gives up after 75 seconds if
> no response is seen, (keep in mind a machine that may have
> a service listening on port 23592, this would never get
> picked up, nmap would quit after 75 seconds of scanning
> [unless it hit this by random]) So that rules this option
> out. Aggressive timed out in 300 seconds same deal as
> before with Insane.
> - strobe didn't seem to work any faster in this case, I
> tried that as well.
> *sigh* people need to not disable icmp echo reply :)
> Any other suggestions? (Thanks to all of you who did
> respond)
> -wire
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
> Service. For more information on SecurityFocus' SIA service which
> automatically alerts you to the latest security vulnerabilities please see:
> https://alerts.securityfocus.com/
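
Seen from the monitoring side, the sweep described in this message (a handful of well-known ports, many hosts in one class B, no ping first) has a recognisable shape in firewall logs. The following is an added example, not part of the original post; the log format, thresholds and addresses are constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_network

def make_sample_log():
    """Constructed log lines; assumed format: epoch src dst proto dport tcp_flags."""
    lines, t = [], 1000
    for host in range(1, 41):              # one source walks 40 hosts in 10.1.0.0/16
        for port in (21, 22, 23, 53, 80, 443):
            lines.append(f"{t} 192.0.2.10 10.1.{host // 8}.{host} tcp {port} S")
            t += 1
    for i in range(30):                    # ordinary client: one host, one port
        lines.append(f"{2000 + i} 192.0.2.77 10.1.0.5 tcp 443 S")
    lines.append("2100 192.0.2.77 10.1.0.5 icmp - -")  # a plain echo request
    return lines

def find_sweeps(lines, min_hosts=20, max_ports=20):
    """Flag sources sending bare SYNs to many hosts of one /16 on few ports.

    min_hosts and max_ports are assumed thresholds; max_ports mirrors the
    10-20 ports mentioned in the message, so a full port scan of a single
    host (many ports, one target) is deliberately not reported here.
    """
    hosts, ports, pinged = defaultdict(set), defaultdict(set), set()
    for line in lines:
        _ts, src, dst, proto, dport, flags = line.split()
        if proto == "icmp":
            pinged.add(src)                # source did send echo requests
            continue
        if proto != "tcp" or flags != "S":
            continue                       # only initial SYNs matter
        key = (src, str(ip_network(f"{dst}/16", strict=False)))
        hosts[key].add(dst)
        ports[key].add(int(dport))
    findings = []
    for (src, net), seen in hosts.items():
        if len(seen) >= min_hosts and len(ports[(src, net)]) <= max_ports:
            findings.append({
                "src": src,
                "network": net,
                "hosts": len(seen),
                "ports": sorted(ports[(src, net)]),
                "pinged_first": src in pinged,
            })
    return findings

if __name__ == "__main__":
    for finding in find_sweeps(make_sample_log()):
        print(finding)
```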
