Re: Discovering Live Hosts



Right, first thing, definitions.

Vulnerability Assessment - Identifying any vulnerabilities that exist
on a computer system, this will involve port scanning, enumeration,
service probing and scanning with something like Nessus/Nikto etc.

Penetration Testing - All of the above, but continuing to actual
exploit a computer system to gain control and therefore irrefutably
prove the existance of the vulnerability.

Neither of them are limited to a LAN or a WAN/Internet.

Second...

Is your target range on the same LAN segment as you? Can you get your
testing computer on the same LAN segment for testing? If yes, use
arping which comes with a lot of Linux distro's. Unfortunately,
unless it's been updated, it cannot natively take a list of IP's from
a file, but that can be scripted. You may even be able to ping the
broadcast address and view your own ARP cache for entries (but
unlikely).

If you target IP address range is on a different LAN segment,
separated by a router for example, which essentially is the same
situation for port scanning as testing another LAN over the Internet,
then you are limited to port scanning. I would forget UDP scanning as
the responses would not be reliable. You could try nmap with the ping
options as already mentioned, or nmap with straight TCP scanning.
There's nothing wrong with doing this:
nmap -sT -vv -P0 -p 80 -iL target_file -oN output_file
Then searching through the output_file for all active responses such
as open or closed ports. Once you have that list, you can concentrate
on the non-responders and try further scans to determine if they are
active.

Remember that an open port, closed port, ARP response (get the MAC
address) or possibly a DNS resolution (although you may find
tombstoned entries!) all tell you that a computer is active.

done.
/mail

On 8/8/07, John M. Martinelli <john@xxxxxxxxxxxxxx> wrote:
Since when?

If I'm auditing an intrusion detection system on my LAN, I would
consider that I'm penetration testing, not performing a vulnerability
assessment.

Regards,
John Martinelli
RedLevel.org Security

On Aug 8, 2007, at 2:04 AM, Nikhil Wagholikar wrote:

Hello Jure,

Performing scans from within target LAN is called Vulnerability
Assessment, and doing the same thing from other LAN or outside IP
Address/Addresses is called Penetration Testing.

I have clearly mentioned that the scenario is applicable for
Pen-Testing. Kindly suggest the same answer from Pen-Testing point of
view.

Thanks for your suggestion. This suggestion will be usefull for
Vulnerability Assessors.

---
Nikhil Wagholikar
Information Security Analyst


On 8/8/07, Jure Krasovic <jure.krasovic@xxxxxxxx> wrote:
Nikhil Wagholikar pravi:
Hello List,

I need some suggestions and inputs from all Pen-testers around the
world on this issue.

Hello Nikhil,

if you are on the same LAN as machines you do pentest, you should try
arpping.

Regards

Jure


----------------------------------------------------------------------
--
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
----------------------------------------------------------------------
--



------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------




--
Lee J Lawson
leejlawson@xxxxxxxxx

"Give a man a fire, and he'll be warm for a day; set a man on fire,
and he'll be warm for the rest of his life."

"Quidquid latine dictum sit, altum sonatur."

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------



Relevant Pages