Thanks for everyone's ideas so far about finding live XP SP2 hosts (that are not on the same subnet as the scanner). Apologies if I'm going over old ground and of course this is not necessarily such a problem for everyone.

I was quite encouraged by the idea that TCP ping to the UPnP port should detect a live XP SP2 host. Unfortunately it seems that with XP SP2 firewall the UPnP ports will only be unblocked if the local admin has done it deliberately or installed UPnP framework optional UI components (in which case the UPnP f/w exception is automatically enabled). I think in most cases the UPnP ports will stay blocked.

http://support.microsoft.com/?kbid=886257&SD=tech

It seems there is no "magic bullet" for this problem; it looks as if using dumps of recent router ARP data etc. to shortlist possible live hosts and/or speculative probing of ports without any certainty that the target device is currently up is the best that can be done. The challenge is perhaps simply to decide how to trade off thoroughness, time and resources.

--
Carl Nelson
Distributed Systems Support Section, Computer Centre,
University of Leicester, Leicester, LE1 7RH, U.K.
Tel: +44 (0)116 252 2060, Fax: +44 (0)116 252 5027

_______________________________________________
Nessus mailing list
[email protected]
http://mail.nessus.org/mailman/listinfo/nessus
