How to Cheat at Configuring Open Source Security Tools - The Perfect Reference for the Multitasked Sysadmin


Document information

[...]... Foundstone, Inc 2002 http://www.foundstone.com

sl [-? bhijnprsTUvz] [-cdgmq ] [- LoO ] [-tu [,-]] IP[,IP-IP]

  -? - Shows this help text
  -b - Get port banners
  -c - Timeout for TCP and UDP attempts (ms) Default is 4000
  -d - Delay between scans (ms) Default is 0
  -f - Read IPs from file Use "stdin" for stdin
  -g - Bind to given local port
  -h - Hide results for systems with no open ports
  -i - For... addition to Echo Requests
  -j - Don't output " - " separator between IPs
  -l - Read TCP ports from file
  -L - Read UDP ports from file
  -m - Bind to given local interface IP
  -n - No port scanning - only pinging (unless you use -p)
  -o - Output file (overwrite)
  -O - Output file (append)
  -p - Do not ping hosts before scanning
  -q - Timeout for pings (ms) Default is 2000
  -r - Resolve IP addresses to hostnames
  -s - Output...

... contact the person responsible for the system in order to make the system “legal.” If you do find a rogue system, however, you will want to see where it is located and perform other information-gathering steps in an attempt to get it removed from the network or complete the needed procedures for the system to have authorized access to the network. Sometimes this process is relatively simple, such as when the...

... purpose of these special enumerating scanners may vary from legitimate security tools to scanning for systems to launch denial of service attacks from. As is always the case, use caution when downloading such tools from the Internet and research the source of the tool to ensure that you are not introducing a Trojan or virus into your environment. The general purpose scanners are usually intended for finding...

  addresses to hostnames
  -s - Output in comma separated format (csv)
  -t - TCP port(s) to scan (a comma separated list of ports/ranges)
  -T - Use internal list of TCP ports
  -u - UDP port(s) to scan (a comma separated list of ports/ranges)
  -U - Use internal list of UDP ports
  -v - Verbose mode
  -z - Randomize IP and port scan order

  Example: sl -bht 80,100-200,443 10.0.0.1-200

... processes are automated for you by SuperScan. When you select the Windows Enumeration tab (shown in Figure 1.7), you are presented with various checks you can perform in the left pane. After you choose the option you wish to use, click Enumerate and the results will populate in the right pane.

Figure 1.7 Windows Enumeration V4

The process of enumerating the shares can be done for all hosts on the entire subnet...

... checking the Shares check box on the Windows Enumeration tab, and is just one of the enumeration options SuperScan can use. By default SuperScan will perform all of the enumeration using no credentials, but if you click Options on the Windows Enumeration tab, you can enter specific account information that should be used for the connections. The NetBIOS Name Table enumeration type is the same information...

... on the network. Wireless systems can be identified relatively easily due to the fact that they must transmit a signal in order to communicate. Depending on the size of the network, you may even be able to take an inventory of the ports used on switches and routers, or for those with a lot of time on their hands, by cross-referencing the ARP tables of the switches with a list of known hosts. In 99% of the...

... you may want to scan for very specific responses. One example would be to scan for machines infected with the Back Orifice Trojan (BOPing) or to scan for SNMP-enabled devices (via SNScan). Nbtscan gathers NetBIOS information on a network for all devices. Both BOPing and SNScan are available from Foundstone, but there are many more examples of special purpose enumerators available on the Internet. The intended...

... systems on your network, the next logical step is to determine the security posture of those systems. Several automated security scanning tools are available that can check for a large list of known vulnerabilities and can make this task easier. We will demonstrate the configuration and operation of some automated vulnerability scanners. We will also discuss the Microsoft Baseline Security Analyzer, which ...

... Inc. 30 Corporate Drive Burlington, MA 01803

How to Cheat at Configuring Open Source Security Tools Copyright © 2007 by Elsevier, Inc. All rights reserved. Printed in the United States of America ...

... years hands-on experience. She currently performs leading-edge security consulting and works in research and development to advance the state of the art in information systems security. Angela currently ...

... demonstrate that your documentation matches the true state of the network and that routers and switches are where they are supposed to be. Given the fact that systems can be very hard to locate physically, ...

Date posted: 25/03/2014, 11:23


Table of contents

  • How to Cheat at Configuring Open Source Security Tools

    • Contents

    • Chapter 1: Testing and Auditing Your Systems

      • Introduction

      • Taking Inventory

      • Vulnerability Scanning

      • OSSTMM

    • Chapter 2: Protecting Your Perimeter

      • Introduction

      • Firewall Types

      • Firewall Architectures

      • Implementing Firewalls

      • Providing Secure Remote Access

    • Chapter 3: Protecting Network Resources

      • Introduction

      • Performing Basic Hardening

      • Hardening Windows Systems

      • Hardening Linux Systems

      • Hardening Infrastructure Devices

      • Patching Systems

      • Personal Firewalls

      • Providing Antivirus and Antispyware Protection

      • Encrypting Sensitive Data

    • Chapter 4: Introducing Snort

      • Introduction
