I typically won't post these types of topics unless I'm really desperate, which is the case. I have done much research by myself but still need some assistance and the clock is ticking :/
I am a whitehat that was employed by an organization [sorry I probably shouldn't say by whom] that hired me for my MITM, ARP poisoning, and packet injection skills. Quite honestly I'm not near as experienced as the majority of the users on here but they seemed to think I could do the job.
The only problem is they seem to have me doing everything outside of my expertise and have me scanning the ol' WAN for external host discovery.
Only problem is that the firewall seems pretty resilient [or I'm just pathetic] and I am not getting any hosts returned on my external scans.... At all. One range I scanned, let's say just for example, 192.168.0.0/24 [obviously just a local example, not the real range I'm scanning], and I get 30-some hosts on the internal scan. Okay great. I hop outside of the network and start doing external scans. Nothing. I can't get ANYTHING!
I'll be honest. I'm no nmap guru. I've read through the "Nmap Network Scanning" book by Gordon Lyon and used a few of his suggested methods and still, nothing.
In my first attempts I tried mixing various types of SYN and ACK probes and still can't seem to achieve any kind of success.
An example of one of my attempts:
-PE -PA -PS21-25,80,113,31339 -PA80,113,443,10042 -g 53
I'm not asking anyone to do my homework for me. Maybe just point me in the right direction. Again I hate to ask for any help but I have to report on SOMETHING. Haha thanks in advance for any advice.
Oh and I wish I could disclose more information on the network but don't think that would be a good idea.