Discovering Live Hosts

From: Nikhil Wagholikar (visitnikhil@gmail.com)
Date: Tue Aug 07 2007 - 11:29:53 EDT


Hello List,

I need some suggestions and inputs from all Pen-testers around the
world on this issue.

I have been allotted a pool of IP addresses for pen-testing. So my
first task is to find out the live IP addresses out of the given pool of
IP addresses (Class A & Class B). I know that a normal ping (ICMP)
won't help me, because nowadays firewalls can be configured to drop
ICMP requests. So if I ping (ICMP) the hosts to find live IP addresses,
it won't help me.

Performing a full port scan of the whole IP address pool range is
also not a recommended solution, since my whole and sole target is just
to find the live IP addresses out of the given pool of IP addresses, i.e.
either UP or DOWN, that's it!!

Now the second thought that comes to my mind is TCP ping. Nmap has a very
beautiful option built into it, i.e. -sP or -PT or -PS. But by default
it tries to connect to port 80 if no port is specified along with it.
If the remote IP address doesn't have an HTTP/HTTPS service running on
it, but has some other service (like FTP, SMTP etc.) running on it,
then even this option would fail. Besides this, suppose SMTP is
configured on port 26 instead of the traditional port 25; then that would
add a twist to this situation. Hence specifying well-known ports along
with the -PT or -PS option is also not an effective method of discovering
live hosts from a given IP address pool. Added to this, specifying a large
number of well-known ports along with these options (-PT, -PS) leads
Nmap to exit abruptly by throwing a buffer-overflow-related error.

Can anyone kindly guide me as to how to find live IP addresses from a
given pool of IP addresses (range of IP addresses) with as few false
positives as possible and as quickly as possible? Is there any
tool out there (shareware or freeware, it doesn't matter) which focuses on finding
live IP addresses from a pool of IP addresses?

--
Nikhil Wagholikar
Information Security Analyst
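The mechanism behind Nmap's -PS/-PT host discovery is worth seeing in code, because a TCP ping does not actually require a listening service: an unfiltered host answers a SYN to a closed port with a RST, and Nmap counts that RST as "host up" just as it counts a SYN-ACK. Only a firewall that silently drops the probe (or a host that is really down) produces no response, and those two cases cannot be told apart from the probe alone. The following is an added example, not code from the original post or from Nmap; it uses an ordinary connect() (the OS maps a RST to ECONNREFUSED) rather than raw SYN packets, and demonstrates against a listener and a closed port on 127.0.0.1 that it opens itself.

```python
import socket
from typing import Dict, Iterable, List

# Possible verdicts for one TCP probe of host:port.
UP_OPEN = "up (SYN-ACK: port open)"
UP_CLOSED = "up (RST: port closed, but host answered)"
NO_RESPONSE = "no response (filtered by a firewall, or host down)"


def tcp_probe(host: str, port: int, timeout: float = 1.0) -> str:
    """Classify a single connect() attempt the way a TCP ping would."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return UP_OPEN
    except ConnectionRefusedError:
        # The kernel received a RST: nothing listens there, but the host is alive.
        return UP_CLOSED
    except OSError:
        # Timeout, unreachable, etc.: no evidence either way.
        return NO_RESPONSE


def is_host_up(host: str, ports: Iterable[int], timeout: float = 1.0) -> bool:
    """A host is live as soon as any probed port yields SYN-ACK or RST.
    False means 'no response on any probed port', which is not proof of 'down'."""
    for port in ports:
        if tcp_probe(host, port, timeout) in (UP_OPEN, UP_CLOSED):
            return True
    return False


def tcp_ping_sweep(hosts: Iterable[str], ports: List[int],
                   timeout: float = 1.0) -> Dict[str, bool]:
    """Apply is_host_up to each address in a pool."""
    return {host: is_host_up(host, ports, timeout) for host in hosts}


def demo() -> Dict[str, object]:
    """Constructed local scenario: one open port and one closed port on loopback."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))          # ephemeral port chosen by the OS
    listener.listen(5)
    open_port = listener.getsockname()[1]

    # Reserve and immediately release a second ephemeral port so it is closed.
    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()

    try:
        results = {
            "open_port": tcp_probe("127.0.0.1", open_port),
            "closed_port": tcp_probe("127.0.0.1", closed_port),
            # The poster's worry: probing a port with no service on it. The RST
            # still proves the host is alive, so liveness is True here.
            "up_via_closed_port_only": is_host_up("127.0.0.1", [closed_port]),
            "sweep": tcp_ping_sweep(["127.0.0.1"], [closed_port, open_port]),
        }
    finally:
        listener.close()
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The design point is that the verdict set has three values, not two: "up" (from either SYN-ACK or RST) and "no response". Multi-port probing only helps when a firewall filters some ports and not others; if every probed port is dropped, the host is indistinguishable from a powered-off one, which is exactly the outcome a default-deny perimeter is meant to produce.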