From: Jure Krasovic (jure.krasovic@lusp.com)
Date: Tue Aug 07 2007 - 22:59:54 EDT
Nikhil Wagholikar pravi:
> Hello List,
>
> I need some suggestions and inputs from all Pen-testers around the
> world on this issue.
>
> I have been alloted a set of IP Address Pool for pen-testing. So my
> first task is to find out live IP Addresses out of the given Pool of
> IP Addresses (Class A & Class B). I know, that normal ping (ICMP)
> won't help me, because now-a-days firewalls can be configured to drop
> ICMP requests. So if I ping (ICMP) the hosts to find live IP Address,
> it won't help me.
>
> Performing a full port scan for the whole IP Address Pool range is
> also not recommended solution, since my whole and sole target is just
> to find Live IP Addresses out of given Pool of IP Addresses i.e.
> either UP or DOWN thats it!!
>
> Now second thought that comes to my mind is TCP Ping. Nmap has a very
> beautiful option built into it i.e. -sP or -PT or -PS. But by default
> it tries to connect to port 80 if no port is specified along with it.
> If the remote IP Address doesn't have HTTP/HTTPS service running on
> it, but has some other service (like FTP, SMTP etc) running on it,
> then even this option would fail. Besides this, if suppose SMTP is
> configured on port 26 instead of traditional port 25, then it would
> add a twist to this situation. Hence specifying well known ports along
> with -PT or -PS option is also not a effective method of discovering
> live hosts from given IP Address Pool. Added to this, specifying large
> number of well known ports along with this options (-PT. -PS), leads
> Nmap to exit abruptly by throwing Buffer Overflow related error.
>
> Can anyone kindly guide me, as to how to find live IP Addresses from a
> given Pool of IP Addresses (Range of IP Addresses) with as less false
> positive results as possible and as quickly as possible? Is there any
> tool out (no matter shareware or freeware), which focuses on finding
> live IP Addresses from Pool of IP Addresses?
>
> --
> Nikhil Wagholikar
> Information Security Analyst
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Need to secure your web apps NOW?
> Cenzic finds more, "real" vulnerabilities fast.
> Click to try it, buy it or download a solution FREE today!
>
> http://www.cenzic.com/downloads
> ------------------------------------------------------------------------
>
>
>
>
Hello Nikhil,
if you are on the same LAN as machines you do pentest, you should try
arpping.
Regards
Jure
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:59 EDT