In network analysis, a fair amount of verification has to be done before the escalation process can be carried out (this is not good procedure according to CISSP). Say you received an "HTTPD v3.0 BOF shit" alert: you need to verify whether the victims named in that alert are actually running HTTPD v3.0 or not. The best method is to contact the owner of the victim server, because:
1) The owner is the person with the deepest knowledge of the server.
But the con is:
1) It is time consuming.
So the alternative is an intrusive method: banner grabbing. I have no interest in any banner grabber other than Fyodor's Nmap and TESO's Grabbb*. Grabbb is a robust banner grabber compared to Nmap. What I did was:
Grabbb
C:\MyOS\$ time ./grab -i ../ip-TIME-smtp-overflowid.txt 25
Nmap
C:\MyOS\$ time nmap -sV -iL ../ip-TIME-smtp-overflowid.txt -p25
and the results were:
Grabbb -> real 0m30.570s
Nmap -> real 0m22.289s
To my surprise, Nmap performed better than Grabbb. But bear in mind that this timing method is not a credible benchmark, since a lot of factors need to be considered:
1) Grabbb was compiled on MyOS, which runs glibc version gazillion, while Grabbb itself is a dinosaur program out of Jurassic World.
2) Network load during the run
3) Host load during the run
4) Nmap did not scan hosts that gave no ICMP echo reply, since -P0 (later renamed -Pn) was not used, so it had fewer hosts to probe. ;)
* Disclaimer: I have not gone through the code for verification, and if you get backdoored because of your inability to read the code, which is equal to mine, please do not hesitate to bang your head against the door.
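As an added example (my own code, not part of the original post and not the code of Grabbb or Nmap), here is the verification step itself in Python: read the target list, grab the banner from each host on port 25, and sort the hosts into confirmed / not affected / no banner / unreachable against a version regex. The product name "ExampleMTA", the target lines and the loopback stand-in servers are constructed for the demo and stand in for the post's "HTTPD v3.0" and ip-TIME-smtp-overflowid.txt; the `probe` parameter is there because HTTP, unlike SMTP, sends nothing until it is asked.

```python
import re
import socket
import threading

# Hypothetical vulnerable version, standing in for the post's "HTTPD v3.0".
# The trailing \b keeps "3.0" from matching "3.01".
VULNERABLE_RE = re.compile(r"ExampleMTA 3\.0\b")


def parse_target(line, default_port):
    """One line of the target file: 'host' or 'host:port'; '#' comments and
    blank lines give None. (Bare IPv6 literals are not handled.)"""
    line = line.split("#", 1)[0].strip()
    if not line:
        return None
    host, sep, port = line.rpartition(":")
    if sep and port.isdigit():
        return host, int(port)
    return line, default_port


def grab_banner(host, port, probe=b"", timeout=3.0):
    """Connect and return what the service volunteers first.
    SMTP/FTP/SSH greet on connect; HTTP needs a probe such as
    b"HEAD / HTTP/1.0\r\n\r\n".  None = connection failed (refused, filtered,
    timed out); '' = connected but nothing was sent before close/timeout."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return None
    with sock:
        sock.settimeout(timeout)
        try:
            if probe:
                sock.sendall(probe)
            data = sock.recv(1024)
        except OSError:  # reset, or silent until the timeout
            return ""
    return data.decode("latin-1", errors="replace").strip()


def classify(banner, product_re):
    """Analyst verdict for one host: does the banner back up the alert?"""
    if banner is None:
        return "unreachable"
    if not banner:
        return "no banner"
    return "confirmed" if product_re.search(banner) else "not affected"


def triage(target_lines, default_port, product_re, probe=b"", grabber=grab_banner):
    """Grab every host in the list; returns {(host, port): (verdict, banner)}."""
    report = {}
    for line in target_lines:
        target = parse_target(line, default_port)
        if target is None:
            continue
        host, port = target
        banner = grabber(host, port, probe=probe)
        report[target] = (classify(banner, product_re), banner)
    return report


class FakeBannerServer:
    """Constructed loopback stand-in for a remote daemon: greets each client
    with one fixed banner (possibly none) and hangs up."""

    def __init__(self, banner):
        self.banner = banner
        self._stop = threading.Event()
        self._srv = socket.socket()
        self._srv.bind(("127.0.0.1", 0))
        self._srv.listen(5)
        self._srv.settimeout(0.1)  # lets the accept loop notice close()
        self.port = self._srv.getsockname()[1]
        threading.Thread(target=self._serve, daemon=True).start()

    def _serve(self):
        while not self._stop.is_set():
            try:
                conn, _ = self._srv.accept()
            except socket.timeout:
                continue
            with conn:
                if self.banner:
                    conn.sendall(self.banner)
        self._srv.close()

    def close(self):
        self._stop.set()


def unused_port():
    """Reserve and release a loopback port so a connection to it is refused."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def demo():
    """End-to-end run over constructed targets; no real host is touched."""
    servers = [
        FakeBannerServer(b"220 mx1.example.test ESMTP ExampleMTA 3.0 ready\r\n"),
        FakeBannerServer(b"220 mx2.example.test ESMTP ExampleMTA 3.1 ready\r\n"),
        FakeBannerServer(b""),  # accepts, says nothing
    ]
    target_lines = ["# constructed target list, port 25 unless given"]
    target_lines += [f"127.0.0.1:{s.port}" for s in servers]
    target_lines.append(f"127.0.0.1:{unused_port()}  # nothing listens here")
    try:
        return triage(target_lines, 25, VULNERABLE_RE)
    finally:
        for s in servers:
            s.close()


if __name__ == "__main__":
    for (host, port), (verdict, banner) in demo().items():
        print(f"{host}:{port:<5} {verdict:<12} {banner or ''}")
```

Two caveats a practitioner will want: a banner is only what the daemon chooses to say, so an obscured or edited banner yields a false "not affected", and a "no banner" or "unreachable" host proves nothing either way; those still need the owner, or a deeper probe such as nmap -sV.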