lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20080304085355.GA19264@suse.de>
Date: Tue, 4 Mar 2008 09:53:55 +0100
From: Sebastian Krahmer <krahmer@...e.de>
To: Adrian P <unknown.pentester@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Exploring the UNKNOWN: Scanning the Internet
	via SNMP!

On Tue, Mar 04, 2008 at 12:02:25AM +0000, Adrian P wrote:

> * Exploring the UNKNOWN: Scanning the Internet via SNMP! *
> http://www.gnucitizen.org/blog/exploring-the-unknown-scanning-the-internet-via-snmp/
> 
> Hacking is not only about coming up with interesting solutions to
> problems, but also about exploring the unknown. It was this drive for
> knowledge philosophy that lead to surveying a significant sample of
> the Internet which allowed us to make some VERY interesting
> observations and get an idea of the current state of _remote SNMP
> hacking_.
> 
> * Why SNMP? *
> 
> 2.5 million random IP addresses were surveyed via SNMP. Why SNMP you
> might be asking? Well, there are several reasons. First of all SNMP is
> a UDP-based protocol which allows us to perform scanning at a much
> shorter time than via TCP-based protocols. Another advantage of
This is not true. I doubt there is any measurable advantage
of UDP vs. TCP scans if you do it right.
2.5 million addresses can be done in a very short coffee break.

Sebastian


-- 
~
~ perl self.pl
~ $_='print"\$_=\47$_\47;eval"';eval
~ krahmer@...e.de - SuSE Security Team
~ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ