RE: Scanning Class A network

From: Josh Perrymon (perrymonj_at_networkarmor.com)
Date: 10/24/05

Next message: Mike Jones: "Re: Scanning Class A network"

Previous message: robert_at_dyadsecurity.com: "Re: Scanning Class A network"
Maybe in reply to: tarunthenut_at_gmail.com: "Scanning Class A network"
Next in thread: Mike Jones: "Re: Scanning Class A network"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Mon, 24 Oct 2005 12:43:44 -0500
To: <tarunthenut@gmail.com>, <pen-test@securityfocus.com>

I think you could break it out over 4 scanners- use Nmap with something
like- Nmap -T4 -P0

I would use the SQL backend centralized utilizing different scanner IDs.
If it's taking a month to run the scan what about trending?

You need to script as much of this as possible. I would stick with Nmap
for the tool of choice.. You can play around with different flags and
settings to ensure your using the best combination.

Do you have any idea what services should be up if a machine is indeed
available? If so then you could write a script to look for those open
ports before scanning the entire class A with nmap.

Ex- When doing an internal assessment after verifying no devices will
deny ICMP I'll do an nmap -sP and export to a text file. I'll then grep
the results and import that into Nmap and Nessus for scanning to save
time.

But this only works if your 100% sure no devices block ICMP. This could
roll-over into the procedure used to scan the class A.

JP
Network Armor

-----Original Message-----
From: tarunthenut@gmail.com [mailto:tarunthenut@gmail.com]
Sent: Monday, October 24, 2005 8:33 AM
To: pen-test@securityfocus.com
Subject: Scanning Class A network

Hello All,
Recently I was given a task to carry out a port scan of an entire valid
Class A range (Dont ask me what the huge pool of valid IP's was for :)
).
The scan needed to be carried out externally, and not from within the
network to identify hosts and ports exposed to the Internet.
The problem compounded cause of the following limitations :
1. ICMP was not allowed in the network
2. The IP range was to be scanned every month for the entire port range
fro=
m
1-65535 for TCP & UDP
After searching for a suitable scanner which could scan such a large
range
in reasonable time, I could think of only nmap, nessus, superscan and
ISS.
But because of the limitations stated above,all the tools took a huge
amount of time (ran into month).
I have struggled with options within the tools, tried configurable
parameters (host time out, parallelism, RTT etc) and divided into
smaller
class C networks and scanned.but still the scan seems to take ages even
if
it is
Any advise would be welcome :)

Cheers
tarunthenut

------------------------------------------------------------------------
------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on
your
website. Up to 75% of cyber attacks are launched on shopping carts,
forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers
are
futile against web application hacking. Check your website for
vulnerabilities
to SQL injection, Cross site scripting and other web attacks before
hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
------------------------------------------------------------------------
-------

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

Next message: Mike Jones: "Re: Scanning Class A network"

Previous message: robert_at_dyadsecurity.com: "Re: Scanning Class A network"
Maybe in reply to: tarunthenut_at_gmail.com: "Scanning Class A network"
Next in thread: Mike Jones: "Re: Scanning Class A network"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

RE: Port Scanner Reports
... >> scheduled basis, say ... I ended up writing a perl wrapper around nmap to feed IP addresses from ... Audit your website security with Acunetix Web Vulnerability Scanner: ... Cross site scripting and other web attacks before hackers do! ...
(Pen-Test)
Re: Scanning Class A network
... About point 2, i recommend you Nmap... ... >network to identify hosts and ports exposed to the Internet. ... >Audit your website security with Acunetix Web Vulnerability Scanner: ... Cross site scripting and other web attacks before hackers do! ...
(Pen-Test)
RE: Nmap scanning speed
... > port scanning speed of over 700 ports per second from nmap? ... improvements in SMP and the network stack. ... Audit your website security with Acunetix Web Vulnerability Scanner: ... Cross site scripting and other web attacks before hackers do! ...
(Pen-Test)
RE: Strange NMAP 4.0 Behavior
... Subject: Strange NMAP 4.0 Behavior ... Audit your website security with Acunetix Web Vulnerability Scanner: ... Hackers are concentrating their efforts on attacking applications on ... Up to 75% of cyber attacks are launched on shopping carts, ...
(Pen-Test)
Re: PacketStuffs nmap binary
... I need to upload nmap to a compromised NT box. ... Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. ... Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. ...
(Pen-Test)