Quote:
would have thought that most people, even the most dedicated command liners, do this using automated processes. Real hackers write their own of course, but everyone else are script kiddies - which I find odd, if the tool is available why bother to write your own unless you think you can make a genuine improvement. I don't see many re-writes of l0phtcrack for example. But then perhaps people are afraid of Mudge and Hobbit turning up on their doorstep and aggressively eating all their twinkies.
What I was getting at is that about 90 percent of the people who are just picking a target at random, the way you are talking about, are probably losers. Most real "hackers" are looking for something specific, not just an open box on the net. If they are just looking for an open box then they are looking to use a certain exploit, so they will just scan for open ports; since they really don't care what they are attacking, they will pick the easiest.
Quote:
Sorry, my bad. I was thinking not so much of port scanning but of the basic enumeration of hosts which needs to take place prior to scanning for a specific port vulnerability. What I was really trying to establish was how these hosts are mapped.
People don't try and map out the internet like that; it's too big and a waste of time and resources. If an attacker is mapping out something, chances are it's going to be a corporate network, and then they still won't use just a standard ping. Especially now that by default Windows XP SP2 drops pings, it's rather pointless. Scanning for a port causes more noise but is much more effective, and if you scan over a long period of time (a few days for a few hosts on the network) you can be successful with little risk. Port scanning itself is not illegal in the US, so if you are just looking for an open host on the net then the only reason you would just blast out pings would be to find that unprotected box.
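The host-discovery approach the last post describes (probe a TCP port instead of relying on ICMP echo, and spread the probes out over time) can be shown in a few lines. This is an added example, not code from any of the posters in this thread. The key point it demonstrates: a host that silently drops pings will still answer a TCP connect to a closed port with a RST, so "connection refused" is proof that the host is up, just as much as a completed handshake is. The loopback listener and the port list are constructed for the demo; the `delay` parameter is the hypothetical knob for the "a few days for a few hosts" pacing the post mentions.

```python
import socket
import threading
import time


def tcp_probe(host: str, port: int, timeout: float = 1.0) -> str:
    """Probe one host:port with a full TCP connect.

    Returns:
      "open"     - handshake completed; host is up and a service listens
      "closed"   - host answered with RST; nothing listens, but the host is up
      "filtered" - no answer (timeout) or unreachable; nothing learned

    ICMP echo is often dropped by a host firewall (XP SP2 onward by default),
    but a RST from a closed port is just as good a proof of life as a SYN/ACK.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # timeout, no route to host, network unreachable, ...
        return "filtered"
    finally:
        s.close()


def discover_hosts(hosts, ports=(80, 443, 22, 445), delay=0.0, timeout=1.0):
    """Slow, low-profile host discovery: one probe at a time, `delay` seconds apart.

    A host is reported "up" as soon as any probed port answers (open or closed);
    the remaining ports for that host are skipped to keep the noise down.
    Returns {host: {"status": "up" | "unknown", "evidence": (port, result) | None}}.
    """
    results = {}
    for host in hosts:
        results[host] = {"status": "unknown", "evidence": None}
        for port in ports:
            r = tcp_probe(host, port, timeout)
            if r in ("open", "closed"):
                results[host] = {"status": "up", "evidence": (port, r)}
                break
            if delay:
                time.sleep(delay)
        if delay:
            time.sleep(delay)
    return results


def start_local_listener():
    """Constructed target for the demo: a throwaway TCP listener on loopback."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
                conn.close()
            except OSError:  # listener closed; stop serving
                return

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def free_port():
    """Pick a loopback port that is currently closed (it will answer with RST)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


if __name__ == "__main__":
    srv, open_port = start_local_listener()
    closed_port = free_port()
    print(tcp_probe("127.0.0.1", open_port))    # open
    print(tcp_probe("127.0.0.1", closed_port))  # closed: host up, port not listening
    print(discover_hosts(["127.0.0.1"], ports=(closed_port,), delay=0.1))
    srv.close()
```

Against a real range you would pass an address list and a non-zero `delay`; a timed-out probe yields "filtered" and tells you nothing, which is why a closed-port RST is worth as much to the scanner as an open port. Run it only against hosts you are authorised to test.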