Penetration Testing mailing list archives
Re: Discovering Live Hosts
From: "Lee Lawson" <leejlawson () gmail com>
Date: Wed, 8 Aug 2007 08:34:11 +0100
Right, first thing, definitions.

Vulnerability Assessment - Identifying any vulnerabilities that exist on a computer system; this will involve port scanning, enumeration, service probing and scanning with something like Nessus/Nikto etc.

Penetration Testing - All of the above, but continuing to actually exploit a computer system to gain control and therefore irrefutably prove the existence of the vulnerability.

Neither of them is limited to a LAN or a WAN/Internet.

Second... Is your target range on the same LAN segment as you? Can you get your testing computer on the same LAN segment for testing? If yes, use arping, which comes with a lot of Linux distros. Unfortunately, unless it's been updated, it cannot natively take a list of IPs from a file, but that can be scripted. You may even be able to ping the broadcast address and view your own ARP cache for entries (but unlikely).

If your target IP address range is on a different LAN segment, separated by a router for example, which essentially is the same situation for port scanning as testing another LAN over the Internet, then you are limited to port scanning. I would forget UDP scanning as the responses would not be reliable. You could try nmap with the ping options as already mentioned, or nmap with straight TCP scanning. There's nothing wrong with doing this:

nmap -sT -vv -P0 -p 80 -iL target_file -oN output_file

Then searching through the output_file for all active responses such as open or closed ports. Once you have that list, you can concentrate on the non-responders and try further scans to determine if they are active.

Remember that an open port, closed port, ARP response (get the MAC address) or possibly a DNS resolution (although you may find tombstoned entries!) all tell you that a computer is active.

done.

On 8/8/07, John M. Martinelli <john () martinelli com> wrote:
> Since when? If I'm auditing an intrusion detection system on my LAN, I would consider that I'm penetration testing, not performing a vulnerability assessment.
>
> Regards,
> John Martinelli
> RedLevel.org Security
>
> On Aug 8, 2007, at 2:04 AM, Nikhil Wagholikar wrote:
>
>> Hello Jure,
>>
>> Performing scans from within target LAN is called Vulnerability Assessment, and doing the same thing from other LAN or outside IP Address/Addresses is called Penetration Testing. I have clearly mentioned that the scenario is applicable for Pen-Testing. Kindly suggest the same answer from Pen-Testing point of view.
>>
>> Thanks for your suggestion. This suggestion will be useful for Vulnerability Assessors.
>>
>> ---
>> Nikhil Wagholikar
>> Information Security Analyst
>>
>> On 8/8/07, Jure Krasovic <jure.krasovic () lusp com> wrote:
>>
>>> Nikhil Wagholikar writes:
>>>
>>>> Hello List,
>>>> I need some suggestions and inputs from all Pen-testers around the world on this issue.
>>>
>>> Hello Nikhil,
>>> if you are on the same LAN as machines you do pentest, you should try arping.
>>>
>>> Regards
>>> Jure
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
> Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today!
> http://www.cenzic.com/downloads
> ------------------------------------------------------------------------
--
Lee J Lawson
leejlawson () gmail com

"Give a man a fire, and he'll be warm for a day; set a man on fire, and he'll be warm for the rest of his life."

"Quidquid latine dictum sit, altum sonatur."
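The two things Lee says "can be scripted" above, written out as an added example (this is not code from the list post or from any of its authors): looping arping over a target file, and splitting a target list into responders and non-responders from the nmap -oN output of the connect scan he gives. It assumes the iputils arping (-c 1 sends one request and the exit status is 0 when a reply arrives; older versions also need -I <iface>), the nmap 4.x "Interesting ports on" header and the newer "Nmap scan report for" header, and the file names and sample scan output are constructed for the example.

```shell
#!/bin/sh
# Added example, not from the list post. Scripts the two checks described:
#  1. arping_sweep - feed arping one address at a time from a target file
#     (assumes iputils arping: -c 1 sends one request, exit 0 on a reply;
#     older versions also need -I <iface>).
#  2. nmap_responders / nmap_nonresponders - read an nmap -oN file and split
#     the target list into hosts that answered (open OR closed port) and hosts
#     that did not, so only the non-responders need further scans.
# File names and the sample data below are constructed for this example.

# Run arping against every address listed in file $1; print those that reply.
arping_sweep() {
  while IFS= read -r ip; do
    case $ip in ''|\#*) continue ;; esac      # skip blank and comment lines
    if arping -c 1 "$ip" >/dev/null 2>&1; then
      printf '%s\n' "$ip"
    fi
  done < "$1"
}

# Print each host in the nmap -oN file $1 that returned an open or closed port.
# Handles both the nmap 4.x header ("Interesting ports on A.B.C.D:") and the
# newer one ("Nmap scan report for name (A.B.C.D)").
nmap_responders() {
  awk '
    /^Interesting ports on / || /^Nmap scan report for / {
      host = $NF; gsub(/[()]/, "", host); sub(/:$/, "", host); next
    }
    # open or closed proves a stack answered; filtered and open|filtered do not
    /^[0-9]+\/(tcp|udp)[ \t]+(open|closed)([ \t]|$)/ {
      if (host != "" && !(host in seen)) { seen[host] = 1; print host }
    }
  ' "$1"
}

# Print targets from list file $1 that are not among the responders in nmap file $2.
nmap_nonresponders() {
  resp=$(nmap_responders "$2")
  awk -v resp="$resp" '
    BEGIN { n = split(resp, a, "\n"); for (i = 1; i <= n; i++) seen[a[i]] = 1 }
    /^[ \t]*#/ || NF == 0 { next }
    !($1 in seen) { print $1 }
  ' "$1"
}

# Constructed sample: a -p 80 connect scan of four hosts in nmap 4.x -oN layout.
SAMPLE_NMAP=$(cat <<'EOF'
# Nmap 4.20 scan initiated Wed Aug  8 08:00:00 2007 as: nmap -sT -vv -P0 -p 80 -iL targets.txt -oN out.txt
Interesting ports on 192.168.1.10:
PORT   STATE SERVICE
80/tcp open  http

Interesting ports on 192.168.1.11:
PORT   STATE  SERVICE
80/tcp closed http

All 1 scanned ports on 192.168.1.12 are filtered

All 1 scanned ports on 192.168.1.13 are filtered

# Nmap finished at Wed Aug  8 08:00:02 2007 -- 4 IP addresses (4 hosts up) scanned in 2.345 seconds
EOF
)

SAMPLE_TARGETS=$(cat <<'EOF'
# constructed target list
192.168.1.10
192.168.1.11
192.168.1.12
192.168.1.13
EOF
)

# Write the constructed files to a temp dir and print both lists.
demo() {
  d=$(mktemp -d) || return 1
  printf '%s\n' "$SAMPLE_NMAP" > "$d/out.txt"
  printf '%s\n' "$SAMPLE_TARGETS" > "$d/targets.txt"
  echo "Responders (open or closed port):"
  nmap_responders "$d/out.txt"
  echo "Non-responders (candidates for further scans, or arping if on-segment):"
  nmap_nonresponders "$d/targets.txt" "$d/out.txt"
  rm -rf "$d"
}

demo
```

On the sample, the responder list is 192.168.1.10 and 192.168.1.11 (one open and one closed port, both proof of a live stack) and the non-responder list is 192.168.1.12 and 192.168.1.13, which only showed "filtered". A filtered result is deliberately not counted: it can come from a firewall in front of an empty address just as easily as from a live host, which is exactly why the non-responders get a second pass.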