Re: Probe for unannounced web servers in a domain?
If you want to take a brute force approach, you might start by using
a program like 'netscan' from the TIS Toolkit (ftp://ftp.tis.com/pub...)
--and then, for each host discovered, run their 'portscan' tool
against it. License agreements permitting (the Toolkit comes in source
form--K&R C; remember that? ;) , you might modify those two tools to
specifically address your application.
I've hacked them up for various purposes, and it's pretty trivial to
do. They're both just a few pages of Marcus Ranum's excellent code.
You might just want to identify likely port listeners, such as 80 or
8080 (and others), and try sending a GET to them after a connection.
You could do a simple parse of the response (if any--and don't forget
to set a timeout for those non-responsive servers you connect to!),
and identify a WWW server pretty well I'd think.
I don't think you want to go the hosttable route. It's too static
for any environment that is as dynamic as yours sounds, IMO.
Richard
* I am looking for tools and/or methods for discovering unannounced web
* servers in my domain, a typical heterogeneous unfirewalled university
* site.
*
* My motivation is partly security (to turn over as many rocks as I can
* and see what wriggles out) and partly to automatically publicize
* legitimate servers that students or departments may have set up on
* their own machines.
*
* This question really has two pieces:
*
* (1) The obvious brute-force method to look for unannounced but
* legitimate servers would be to take a recent local host table and
* attempt to connect to port 80 of every host with an HTTP "GET /"
* request. Ideally such a program should pace itself slowly, work
* during off-hours, etc. in order to minimize its impact on the campus
* network. Does anyone know of an existing tool which does this or do
* I need to write it?
*
* (2) I'm also looking for less obvious methods, especially those
* which may be able to detect servers on ports other than 80. Does
* anyone know of existing tools or promising methods? They could
* either operate by watching the network (sniffing for packets which
* look like HTTP transactions, I suppose?) or, in a more limited
* fashion, on a Unix server itself.
*
* I've glanced through several lists of network security software
* packages (e.g., "http://www.alw.nih.gov/Security/prog-network.htm")
* and seen some tools which look like they *might* be adaptable to this
* purpose, but I'm hoping that there are tools which fit this need to
* begin with.
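
The probe described in the reply above (connect to likely ports, send a GET, time out on listeners that never answer, do a simple parse of the response), sketched as an added example for inventorying hosts in your own domain; it is not part of the original message or of the TIS Toolkit. The function names, the default port list, the pacing delay and the `<html` heuristic for header-less replies are assumptions.

```python
import socket
import time

def classify(reply: bytes):
    """Return (is_http, server_header) for the first bytes a listener sent."""
    head = reply.split(b"\r\n\r\n", 1)[0].decode("latin-1", "replace")
    lines = head.splitlines()
    if not lines or not lines[0].startswith("HTTP/"):
        # Heuristic (assumption): a bare HTML document with no status line.
        return ("<html" in head.lower(), None)
    server = None
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() == "server":
            server = value.strip()
    return (True, server)

def probe(host, port, timeout=3.0):
    """Connect, send one GET, classify whatever comes back."""
    result = {"host": host, "port": port, "state": "unreachable",
              "http": False, "server": None}
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            result["state"] = "open"
            s.sendall(b"GET / HTTP/1.0\r\n\r\n")
            try:
                reply = s.recv(2048)  # inherits the connect timeout
            except socket.timeout:
                result["state"] = "open-silent"  # accepted, never answered
                return result
            result["http"], result["server"] = classify(reply)
    except OSError:
        pass  # refused, unroutable, reset, or connect timed out
    return result

def sweep(hosts, ports=(80, 8080), delay=1.0, timeout=3.0):
    """Probe each host/port in turn, pausing between attempts to limit load."""
    found = []
    for host in hosts:
        for port in ports:
            r = probe(host, port, timeout)
            if r["http"]:
                found.append(r)
            time.sleep(delay)
    return found

if __name__ == "__main__":
    # 127.0.0.1 is a constructed sample target; substitute your own host list.
    for hit in sweep(["127.0.0.1"], delay=0.1, timeout=1.0):
        print(hit)
```

Listeners reported as `open-silent` accepted the connection but sent nothing before the timeout, so they are worth a second look with a different protocol rather than being counted as web servers.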