Using
ICMP to build a host list and scanning with domain admin rights,
you can configure a discovery policy to check a few ports and
services, and make a guess at the OS running. This type of scan
is resource friendly. NMAP is typically used when the shortcomings
inherent to ISS make it difficult to do an effective scan, typically when trying
to scan external or protected networks.
regards,
-----Original Message-----
From: Gonzalez, Jesus M [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 04, 2003 10:14 AM
To: 'Evans, Mark (Contractor)'; Gonzalez, Jesus M; '[EMAIL PROTECTED]'
Subject: RE: [ISSForum] ISS - Stealth - IP SweepThank you for the response.We are considering NMAP. But, ISS is our official product, we wanted to see if ISS would function similar to NMAP (not a full blown scan). In that it would not impact the scanning devices and yet distinguish the device types. I believe I misused the word stealth. What I really want is not to impact system resources and still discover unknown devices and type of devices.Thanks,Marc-----Original Message-----
Sent: Tuesday, February 04, 2003 9:57 AM
Subject: RE: [ISSForum] ISS - Stealth - IP SweepWhy would you need it to be "stealth" to find machines on the network? IS performs ICMP echo request as the basic discovery tool.You can tailor a policy or use the inventory policy that comes with IS and look for services that are turned on to help determine what device it is that is responding.Perhaps using NMAP and building a host table would better suit your needs.regards,
Mark-----Original Message-----
From: Gonzalez, Jesus M [mailto:[EMAIL PROTECTED]]
Sent: Monday, February 03, 2003 4:06 PM
To: '[EMAIL PROTECTED]'
Subject: [ISSForum] ISS - Stealth - IP SweepCan ISS run a stealth IP sweep to find the items mentioned below. If so, how is it done? ( I'm not referring to the stealth port scan in the vulnerability db)
I need to determine what devices (IP's) are on the network before scanning them. Can ISS do this?
1. If so, how and what information is echoed back to the scanning machine?
2. If so, is it possible to distinguish the responding devices to be firewalls, routers, or switches?Thank you,
Marc
