Welcome to Scribd, the world's digital library. Read, publish, and share books and documents. See more
Download
Standard view
Full view
of .
Look up keyword
Like this
45Activity
0 of .
Results for:
No results containing your search query
P. 1
Ebook - Hack - Discovery Nmap

Ebook - Hack - Discovery Nmap

Ratings:

4.5

(1)
|Views: 1,767|Likes:
Published by api-26021296

More info:

Published by: api-26021296 on Oct 16, 2008
Copyright:Attribution Non-commercial

Availability:

Read on Scribd mobile: iPhone, iPad and Android.
download as PDF, TXT or read online from Scribd
See more
See less

03/18/2014

pdf

text

original

Host Discovery with nmap
By: Mark Wolfgang
moonpie@moonpie.org
November 2002
2
Table of Contents
Host Discovery with nmap.............................................................................. 1
1. Introduction.........................................................................................3
1.1 What is Host Discovery?..................................................................... 4
2. Exploring nmap\u2019s Default Behavior........................................................ 6
2.1
Scenario 1 \u2013 Firewall With No Filtering............................................ 7
2.2
Scenario 2 \u2013 Firewall With a Generic Ruleset................................... 8
2.3
Scenario 3 \u2013 Firewall With Specific Rules......................................... 9
2.4
Scenario 4 \u2013 Stateful Firewall with Specific Rules........................... 10
3. Understanding nmap\u2019s Discovery Options............................................ 11
3.1
Customizing TCP Pings................................................................. 11
3.2
Customizing I CMP Messages........................................................ 13
3.3
Bringing It All Together................................................................ 14
4.
Conclusion...................................................................................... 16
3
1.
I ntroduction

As a Computer Security Engineer that regularly conducts external penetration
tests, a recurring challenge seems to arise when assessing organizations with a
large allocation of I P address space. What does one do when faced with multiple
class B\u2019s, a few class C\u2019s, and a limited amount of time? Do you stick all of the
address space in your favorite scanner and hit theGo button, wait till it\u2019s done
and hope the results are accurate? How can you be sure that your scanner
found all the hosts that are accessible? Do you even know the method your
scanner uses to discover which hosts are alive?

This document attempts to answer the above questions, and will illustrate (at a
very technical level) the methodology that I use to accurately discover which
hosts are accessible prior to conducting port scanning or a vulnerability

assessment.
Note: Some may say that unless one performs a scan on all 65535 TCP and UDP

ports on every possible I P address in the range, that the penetration tester isn\u2019t
being thorough enough. While I do agree that in order to be completely
thorough, one must perform a scan as stated, but I have rarely, if ever had the
luxury of performing such a scan, as it usually takes a considerable amount of

time. An underlying theme about Information Security is about striking a

balance and weighing the pros and cons. I f being absolutely thorough and time is of no consideration, you\u2019ll more than likely want to run a full, blind scan on all I P addresses. I f however, a balance can be struck between being thorough and completing the project on time, read on \u2013 you may learn some techniques to

improve both the accuracy and efficiency of your scans.

Activity (45)

You've already reviewed this. Edit your review.
1 hundred reads
1 thousand reads
Jose Vega liked this
kaptan_tr liked this
elivilma liked this
depinders1 liked this
Minh Trinh liked this
xxxxdtxxxx liked this
Amirul Abu liked this
Arun Kumar liked this

You're Reading a Free Preview

Download
scribd
/*********** DO NOT ALTER ANYTHING BELOW THIS LINE ! ************/ var s_code=s.t();if(s_code)document.write(s_code)//-->