
The first time I was asked to scan a Class B network, my initial reaction was "Are you kidding me?" I actually thought it was a trick question to see how I reacted to unexpected situations. I had just two weeks to develop a strategy and perform the scan. Ten years later, I had provided assessments for Class B (or bigger) networks over a dozen times, mostly for government agencies and the occasional university.

Performing an audit of tens of thousands of IP addresses is no different from any other audit, unless time is restrictive. Large IP blocks in small time periods require you to revise your normal assessment methodology. Thinking about the polar opposites in assessment, you have a single IP address on one side and a Class B network on the other. As the number of systems to scan increases while the time allocated to scan remains constant, the amount of time per system must decrease. To cover a large number of systems in a relatively small amount of time, you must greatly cut back on the time spent per system. Adjusting your methodology to account for the number of machines becomes a balancing act between allotted time and number of targets. Instead of examining every open port on a machine, time constraints may force you to focus on low-hanging fruit and services that are prone to high-risk vulnerabilities. Where you typically scan all 65,535 ports on a machine, you may only be able to scan a dozen or two.

This starts with deciding which ports are the most important to look for. When you create a short list of interesting ports, remember that adding or subtracting one port can drastically affect the time involved in the discovery phase. The steps of discovery scanning must consider what 65,535 hosts mean in terms of time: even if you assume a single second per port per host, adding one port to the list adds roughly 65,535 seconds, or around 18 hours, to your discovery port scan, seriously affecting your allotted scanning window.

Of course, the odds of finding a Class B with all 65,535 hosts up, each with 10 services, are about as great as winning the lottery four times. But not knowing how many hosts are alive, or how many common services they run, can swing your discovery time from a couple of days to a week. These radical time swings require that you use multiple scanners to perform such an assessment. It is a serious challenge to perform a large-scale assessment in just two weeks when half the time is burned just figuring out what hosts are present.
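The budgeting described above can be turned into a small planner. The following is an added example, not code from the book or its author: it uses the book's worst-case figure of one second per port per host, a hypothetical short list of ports (`SHORT_LIST`, an assumption to be replaced with your own priorities), and splits a /16 into /24 chunks across several scanners. The nmap flags it renders (`-n`, `-Pn`, `-sS`, `-p`, `--max-retries`, `-T4`, `-oG`) are real nmap options, but the scan profile itself is an assumed illustration rather than a recommendation.

```python
"""Scan-window planner for a large address block.

Added example, not code from the book or its author. Assumes the book's
worst-case cost of one second per port per host and a hypothetical short
list of ports; the rendered nmap command lines illustrate how the plan
might be executed and are not a recommended scan profile.
"""
import ipaddress

# Assumption from the text: serial worst case of one second per host per port.
SECONDS_PER_PROBE = 1.0

# Hypothetical short list of "interesting" ports, highest priority first.
SHORT_LIST = [21, 22, 23, 25, 53, 80, 110, 135, 139, 443, 445, 1433, 3306, 3389]


def probe_seconds(num_hosts, num_ports, seconds_per_probe=SECONDS_PER_PROBE):
    """Serial worst case: every host probed on every port in the list."""
    return num_hosts * num_ports * seconds_per_probe


def added_port_cost_hours(num_hosts, seconds_per_probe=SECONDS_PER_PROBE):
    """Hours that one extra port adds to discovery (65,535 hosts -> about 18.2 h)."""
    return probe_seconds(num_hosts, 1, seconds_per_probe) / 3600.0


def max_ports_in_window(num_hosts, window_hours, scanners=1,
                        seconds_per_probe=SECONDS_PER_PROBE):
    """Largest port list that fits the window once work is split across scanners."""
    budget_seconds = window_hours * 3600.0 * scanners
    return int(budget_seconds // (num_hosts * seconds_per_probe))


def split_block(cidr, new_prefix=24):
    """Carve a block into sub-blocks so each scanner gets its own share of targets."""
    return [str(net) for net in ipaddress.ip_network(cidr).subnets(new_prefix=new_prefix)]


def plan(cidr, window_hours, scanners, ports=SHORT_LIST,
         seconds_per_probe=SECONDS_PER_PROBE):
    """Trim the port list to the window and hand out sub-blocks round-robin.

    Returns the trimmed port list, the ports that had to be dropped, the
    per-scanner target lists and the worst-case hours each scanner needs.
    """
    block = ipaddress.ip_network(cidr)
    num_hosts = block.num_addresses
    limit = max_ports_in_window(num_hosts, window_hours, scanners, seconds_per_probe)
    chosen = list(ports)[:limit]          # keep the highest-priority ports
    chunks = split_block(cidr)
    assignments = [chunks[i::scanners] for i in range(scanners)]
    hours = probe_seconds(num_hosts, len(chosen), seconds_per_probe) / scanners / 3600.0
    return {
        "hosts": num_hosts,
        "ports": chosen,
        "dropped_ports": list(ports)[limit:],
        "targets": assignments,
        "hours_per_scanner": hours,
    }


def nmap_commands(p):
    """Render one nmap discovery command per scanner from a plan() result.

    -n: no DNS, -Pn: no separate ping sweep (discovery is folded into the
    port sweep), -sS: SYN scan, --max-retries 1: cap retransmits,
    -oG: greppable output for later triage. Profile is an assumption.
    """
    port_arg = ",".join(str(x) for x in p["ports"])
    cmds = []
    for i, targets in enumerate(p["targets"]):
        cmds.append(
            f"nmap -n -Pn -sS -p {port_arg} --max-retries 1 -T4 "
            f"-oG scanner{i}.gnmap {' '.join(targets)}"
        )
    return cmds


if __name__ == "__main__":
    p = plan("10.0.0.0/16", window_hours=7 * 24, scanners=4)
    print(f"{p['hosts']} addresses, {len(p['ports'])} ports per host on 4 scanners: "
          f"about {p['hours_per_scanner']:.1f} h each")
    print(f"one extra port costs about {added_port_cost_hours(p['hosts']):.1f} h "
          f"on a single scanner")
    for c in nmap_commands(p):
        print(c[:100] + " ...")
```

The planner treats every probe as serial, so its figures are an upper bound; a real scanner pipelines probes and finishes far sooner, but the bound is what you should size the window against, because timeouts against dead hosts are what eat the budget. The port list is trimmed from the end, which is why the short list must be ordered by priority before it goes in.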
