August 2nd, 2005, 09:48 AM
#3
Member
Originally posted here by XTC46
Most scans are not done by just sending out a ping. The reason for this is because most attackers are looking to use a specific vulnerability if they are looking for a random host to attack, so they ping specific ports. You can set most port scanners to scan for port connectivity even if the host does not respond to a ping.
Sorry, my bad. I was thinking not so much of port scanning but of the basic enumeration of hosts which needs to take place prior to scanning for a specific port vulnerability. What I was really trying to establish was how these hosts are mapped.
Considering just about anyone scanning the open internet for random hosts probably doesn't have a specific target in mind, chances are they are just looking for the easy hit, and this is exactly what they will do. And it would take a whole 30 seconds longer to find an unprotected host (and I'm being generous on that 30 second estimate).
I would have thought that most people, even the most dedicated command liners, do this using automated processes. Real hackers write their own of course, but everyone else is script kiddies, which I find odd: if the tool is available, why bother to write your own unless you think you can make a genuine improvement? I don't see many re-writes of l0phtcrack, for example. But then perhaps people are afraid of Mudge and Hobbit turning up on their doorstep and aggressively eating all their twinkies.
Considering this is a massive broadcast address, then sniffing should be easier, not harder.
Now I am lost. If I am using an ISP through ADSL/PPP, I thought
a) that sniffing along the connection would be restricted to physically tapping the phone line and
b) that wireless detection and usage of the network (if present) would be prevented by using a host only subnet mask e.g.
Host IP: 168.229.10.1
Subnet Mask: 255.255.255.255
Default Gateway: 168.229.10.1
Even if you had more than one host on the LAN side and it happened to be wireless, the ADSL connection (I think) could not be sniffed, but it might be possible to nick an IP address in the network range and/or spoof both the MAC and IP addresses on the LAN (this assumes the jackass setting up the wireless LAN knows nothing about wireless security) and go on from there to use the ADSL connection via the default gateway.
Of course, all of this is preventable by
a) limiting the number of hosts on the LAN using subnet masking
b) putting in place good practice wireless security
It would therefore be, as far as I can tell, impossible to sniff the main ISP to client connection (because sniffing requires access to the local network segment). It would still be possible to carry out a man in the middle attack, but not through ARP poisoning but rather through, for example,
DNS cache poisoning
IP spoofing
both used in conjunction with a spoofed web page.
No one can foresee the consequences of being clever.
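The subnet-mask point in the post above (a host-only mask of 255.255.255.255 versus a wider mask, and the claim that sniffing and ARP tricks need a foothold on the local segment) can be checked with a little subnet arithmetic. The following is an added example, not code from the original post; it uses the post's address 168.229.10.1 and masks, and the second host 168.229.10.7 is a constructed value.

```python
# Added example (not from the forum post): subnet arithmetic for the
# host-only mask discussed above. 168.229.10.7 is a constructed address.
import socket
import struct


def ip_to_int(addr: str) -> int:
    """Dotted-quad string -> 32-bit integer."""
    return struct.unpack("!I", socket.inet_aton(addr))[0]


def int_to_ip(n: int) -> str:
    """32-bit integer -> dotted-quad string."""
    return socket.inet_ntoa(struct.pack("!I", n))


def mask_to_prefix(mask: str) -> int:
    """Prefix length of a contiguous netmask; raises on a non-contiguous one."""
    m = ip_to_int(mask)
    prefix = bin(m).count("1")
    # A valid mask is `prefix` ones followed by zeros, nothing else.
    if m != (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF:
        raise ValueError(f"non-contiguous netmask {mask}")
    return prefix


def is_valid_mask(mask: str) -> bool:
    """True if the mask is contiguous (usable as a subnet mask)."""
    try:
        mask_to_prefix(mask)
        return True
    except (ValueError, OSError):
        return False


def subnet_info(host: str, mask: str) -> dict:
    """Network address, broadcast address and number of assignable hosts."""
    prefix = mask_to_prefix(mask)
    m = ip_to_int(mask)
    net = ip_to_int(host) & m
    bcast = net | (~m & 0xFFFFFFFF)
    size = 1 << (32 - prefix)
    # /31 and /32 have no separate network/broadcast addresses (RFC 3021).
    usable = size if prefix >= 31 else size - 2
    return {"prefix": prefix, "network": int_to_ip(net),
            "broadcast": int_to_ip(bcast), "usable_hosts": usable}


def on_link(host: str, mask: str, other: str) -> bool:
    """True if `other` is in the host's subnet, i.e. reached directly by ARP
    on the local segment rather than forwarded via the default gateway."""
    m = ip_to_int(mask)
    return (ip_to_int(host) & m) == (ip_to_int(other) & m)
```

With the /32 mask the host's subnet contains only itself, so a second wireless client is not on-link; widen the mask to /24 and the same client shares the segment with 253 other possible hosts.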