Ultimate Host discovery

[rucciva]

hi everyone, i'm just wondering about this,,
is there any host discovery technique that will work even when the target disable all kind of icmp and uses statefull firewall configuration

[noob]

just do regular nmap scan,add -PN to skip icmp and you will be fine

[rucciva]

if the target using firewall with stateful configuration and block all 1000 highest port, would the result show the target is not up,,,,
CMIIW

[Kulverstukas]

If nMap shows all ports as closed, then either the host doesn't have anything open or the firewall is very tight. Usually it would at least have port 80 open even if it doesn't run a HTTP service. If it's a windows machine on stock or very little config, it will have ports 143 and 455 (or something) open.
-PN option is only helpful if the host responds that it's offline even though it isn't, it will not bypass the port filters.
How to bypass the firewall completely - I have no idea

[rucciva]

If nMap shows all ports as closed, then either the host doesn't have anything open or the firewall is very tight. Usually it would at least have port 80 open even if it doesn't run a HTTP service. If it's a windows machine on stock or very little config, it will have ports 143 and 455 (or something) open.
-PN option is only helpful if the host responds that it's offline even though it isn't, it will not bypass the port filters.
How to bypass the firewall completely - I have no idea

so are you saying although the firewall blocked the port, nmap will result in the port is being closed and by other means, the host is up???

[Kulverstukas]

yeah. If you scan the host, sometimes you get that the host is down. You then use -PN and get that the host is up (not 100% accurate) but all the ports reports as closed.