On Thursday 07 March 2002 05:40 am, Dion Stempfley wrote:
> Anything I write would be submitted, integration... That's someone else's
> call.
>
> As for scanning each port, currently you specify the tcp_ping port which is
> defaulted to "80".
>
> I have a list of ports that I use regularly. It's a smaller list than the
> ports I scan, but it discovers hosts using DNS, FTP, SMTP, SSH and a few
> other services. The intent is that if you don't change the default port
> from "80" you would not even see a change.

Here is the list of TCP ports I use for SYN sweeps:

21, 22, 23, 25, 53, 80, 110, 143, 264, 389, 443, 1454, 1723, 3389, 993
(though not necessarily in that order)

These ports are ones found open most often on heavily firewalled systems; they are based on a few years of external scanning and have proven to catch 90% of the systems out there. For that extra 10% we use application layer queries, TTL tricks, and a number of other soopersecret host detection techniques ;)
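
Seen from the receiving side, a sweep like the one described above appears as one source sending SYNs to many hosts across several of the listed ports. The following is an added example, not part of the original message: the log format, addresses, function name and thresholds are constructed assumptions, and only the port list comes from the message.

```python
import re
from collections import defaultdict

# Port list quoted in the message above.
SWEEP_PORTS = {21, 22, 23, 25, 53, 80, 110, 143, 264, 389, 443,
               1454, 1723, 3389, 993}

# Constructed, simplified log format (an assumption, not a real firewall's output).
LINE_RE = re.compile(r"SRC=(\S+) DST=(\S+) PROTO=TCP DPT=(\d+) FLAGS=(\S+)")

# Constructed sample: one sweeping source, one web client, one mail relay.
SAMPLE_LOG = """\
t=1 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP DPT=22 FLAGS=SYN
t=1 SRC=198.51.100.7 DST=192.0.2.10 PROTO=TCP DPT=80 FLAGS=SYN
t=2 SRC=198.51.100.7 DST=192.0.2.11 PROTO=TCP DPT=25 FLAGS=SYN
t=2 SRC=198.51.100.7 DST=192.0.2.11 PROTO=TCP DPT=443 FLAGS=SYN
t=3 SRC=198.51.100.7 DST=192.0.2.12 PROTO=TCP DPT=22 FLAGS=SYN
t=3 SRC=198.51.100.7 DST=192.0.2.12 PROTO=TCP DPT=8080 FLAGS=SYN
t=4 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=80 FLAGS=SYN
t=4 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=443 FLAGS=SYN
t=5 SRC=203.0.113.9 DST=192.0.2.10 PROTO=TCP DPT=25 FLAGS=SYN
t=5 SRC=203.0.113.9 DST=192.0.2.11 PROTO=TCP DPT=25 FLAGS=SYN
t=6 SRC=203.0.113.9 DST=192.0.2.12 PROTO=TCP DPT=25 FLAGS=SYN
t=7 SRC=203.0.113.5 DST=192.0.2.10 PROTO=TCP DPT=80 FLAGS=ACK
"""

def find_sweepers(lines, min_hosts=3, min_ports=4):
    """Return {src: (distinct_hosts, sorted_ports)} for sources whose SYNs
    reach at least min_hosts destinations on at least min_ports listed ports."""
    hosts = defaultdict(set)
    ports = defaultdict(set)
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # skip lines that do not match the assumed format
        src, dst, dpt, flags = m.group(1), m.group(2), int(m.group(3)), m.group(4)
        if flags != "SYN" or dpt not in SWEEP_PORTS:
            continue  # only bare SYNs to ports on the sweep list count
        hosts[src].add(dst)
        ports[src].add(dpt)
    return {src: (len(hosts[src]), sorted(ports[src]))
            for src in hosts
            if len(hosts[src]) >= min_hosts and len(ports[src]) >= min_ports}

if __name__ == "__main__":
    print(find_sweepers(SAMPLE_LOG.splitlines()))
```

Requiring several distinct ports as well as several hosts keeps a mail relay that contacts many hosts on port 25 alone from being flagged.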
