blueaxis

Thanks very much!

Thanks for sharing your views. I have seen people using the term “Low Hanging Fruit”. Any tips how to identify these?

Thanks for posting your inputs. I like your views on the port 80 stuff.

Your recommendations look solid – no doubt. I was envisioning something like Encryption/Decryption as a course that covers all widely implemented platforms into one umbrella. You know there is cost factor too 🙂

Thanks all for your inputs. Looks like the ballpark figure is around $1200 – $1500.

MeXe – Thank you very much for your inputs. So it appears the following strategy would be a good start.

1. Pick a host, scan for all TCP ports. Of course with timing options enabled.
2. Repeat step 1 for all the remaining hosts.
3. Pick a host, scan for all UDP ports.
4. Repeat step 3 for all the remaining hosts.
5. Selectively run -sV after…[Read more]

Thanks members! Guess will have to do some reading on nmap performance.

Would you prefer to do the scans in little pieces and store the output in database? OR would you prefer greppable output format in text files like say per IP or something…

Some more updates on this.

This time I made sure wireshark is enabled while performing the nmap scan, to my strangeness 192.168.xx.0 doesn’t show up in the capture. It’s however displayed in the nmap output.

I will try it couple more times today and see if I can spot anything.

It appears that “.0” address would be a broadcast address. Feel free to correct me if that isn’t the case.

I tried v2c but again the result was same as v1. It was inconsistent with the other tool I mentioned. I haven’t tried version 3 so that’s something I should poke around.

Thanks everyone for your advise. I did try the verbose option.

It appears nmap is scanning 192.168.xx.0 ip address multiple times. I didn’t ask nmap to scan that host by the way. Not sure if that is the default behavior.

Thank you! Will try these.

Right these are all internal lab network ip addresses 192.168.*.*

Thanks all for your suggestions. Sorry I forgot to mention these are all non-routable addresses. My goal is to make sure I complete the necessary information gathering before firing up nmap.

it appears tools like firece and reverseraider would help but i don’t know what domain name to provide (as input) to these tools. so basically i have ip’s…[Read more]

Thank you so much. Looks like a site to be bookmarked  🙂

I am curious to know how the switch port mapppers work internally. I did some google search but couldn’t really find much on how they work. Do they work on wireless networks too?

That seems like quite a bit of task involved.

I was assuming may be the solution would be something like – looking up the DHCP server database and identifying which login/mac has been assigned that particular ip. Do you have any thoughts if that approach is possible?

Very interesting perspectives. Thanks for sharing them. When you say orgs are weak from inside – do you mean network layer or application layer?

Thanks for the responses – I will work on your suggestions.

Does RFC’s provide a good reference point?