Re: Difficulties in Network Mapping & port scanning

From: Petr.Kazil@eap.nl
Date: Fri Jan 13 2006 - 15:06:47 EST


Inspiring description by Pete! I will look more into Unicornscan.

Pete Herzog <lists@isecom.org> wrote on 04-01-2006 15:06:00:

> It's basically: construct packet, record construct, send packets, and
> record response. Modify and retry. Correlate.

However I sympathize with the original poster (David). Over the years
firewalls have gotten better and most of the techniques that used to work
(TTL-tweaking etc.) don't seem to work anymore. Running a sniffer along
with the scan is good practice, but usually doesn't produce much of value.

What works surprisingly well is scanning the IP-range in Google. I've
written a simple script that will query Google for addresses in a range
from (let's say) 10.0.0.1 to 10.0.0.255. This usually yields the addresses
of outgoing proxies that would be invisible in a normal scan. Most often
it's not possible to do anything useful with this information, but most
clients are amused: "You discovered all our systems and even some that
don't exist anymore!" :-)
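The range-to-Google technique above, as an added example that is not Petr's script and not part of the original post. It does three things a practitioner would want separated: enumerate the range, batch the addresses into quoted OR-ed queries (the batch size of 10 is an assumption, chosen to stay well under Google's per-query term limit), and pull in-range IPv4 literals back out of whatever result text you obtain. No request is made here; the "result page" is a constructed sample so the block runs offline. Note that fetching google.com/search from a script is against Google's terms of use, so in practice feed the generated queries to the official Custom Search API or paste them by hand and save the result pages for `extract_hits`.

```python
import ipaddress
import re
from urllib.parse import quote_plus

# Loose IPv4 literal matcher; candidates are validated with ipaddress below,
# so strings like 256.1.1.1 are matched here but discarded later.
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def hosts_in_range(start, end):
    """Every IPv4 address from start to end inclusive, as dotted strings."""
    lo = int(ipaddress.IPv4Address(start))
    hi = int(ipaddress.IPv4Address(end))
    if lo > hi:
        raise ValueError("range start is after range end")
    return [str(ipaddress.IPv4Address(i)) for i in range(lo, hi + 1)]


def build_queries(addrs, per_query=10):
    """Batch addresses into quoted, OR-ed search strings.

    per_query=10 is an assumed batch size, not a documented Google limit.
    Quoting each address keeps the search engine from treating the dots
    as punctuation and matching unrelated numbers.
    """
    queries = []
    for i in range(0, len(addrs), per_query):
        chunk = addrs[i:i + per_query]
        queries.append(" OR ".join(f'"{a}"' for a in chunk))
    return queries


def search_urls(queries):
    """URL-encode each query string into a Google search URL (not fetched here)."""
    return ["https://www.google.com/search?q=" + quote_plus(q) for q in queries]


def extract_hits(page_text, start, end):
    """Return the distinct in-range IPv4 addresses mentioned in result text.

    Invalid literals (an octet above 255) and addresses outside the scanned
    range are dropped; the result is sorted numerically, not lexically.
    """
    lo = int(ipaddress.IPv4Address(start))
    hi = int(ipaddress.IPv4Address(end))
    hits = set()
    for literal in IPV4_RE.findall(page_text):
        try:
            addr = ipaddress.IPv4Address(literal)
        except ValueError:
            continue
        if lo <= int(addr) <= hi:
            hits.add(str(addr))
    return sorted(hits, key=lambda s: int(ipaddress.IPv4Address(s)))


# Constructed sample of what a saved result page might contain.
# 10.0.0.42 appears twice, 10.0.1.5 is outside the range, 256.1.1.1 is bogus.
SAMPLE_RESULT_PAGE = """
<a href="http://10.0.0.42/">Proxy 10.0.0.42</a> seen with outbound client
10.0.0.7 on 2006-01-13; also mentions 10.0.1.5 and the bogus 256.1.1.1
"""

if __name__ == "__main__":
    hosts = hosts_in_range("10.0.0.1", "10.0.0.255")
    for url in search_urls(build_queries(hosts))[:3]:
        print(url)
    print(extract_hits(SAMPLE_RESULT_PAGE, "10.0.0.1", "10.0.0.255"))
```

The queries are deliberately built as plain strings first so the same batches can be handed to any search backend; only `search_urls` commits to Google's `q=` parameter.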




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:22 EDT