Scanning mode: IP/network range sampling engine (linear rand, stratified, stratified rand) #16
Labels
core feature
Fundamental or profoundly differentiating product feature
mvp
A minimum requirement to have a viable product
A-Z whole-net scanning is not a realistic strategy for teams needing to enumerate or locate things within very large address spaces, especially IPv6. Stratified random sampling has been useful for researchers in other fields (hello anthropologists!) also dealing with the need to use limited resources to maximize the location of the most significant artifacts. Most are dealing with a limitation on time and funding. We are as well.
To get the best results possible from stratified random target scanning, it will also be important to adjust targeting using things we know, or at least can guess intelligently, about the space: customs, protocols, patterns observed, and other knowns to tighten up testing. For instance, we know the first and last addresses of a network are the network and broadcast addresses, respectively. We also can make a decent guess that network routing devices are likely to be found on the first or last host-addressable IP addresses. Knowing that hosts are more likely to have adjacency might give rise to a method that interrogates neighboring IPs once we locate a host. And so on.
Just like anthropologists on a dig with limited research dollars who gather intelligence from other researchers, info gathered from locals in an area, topographical maps, satellite photography, aerial photos, and past results, so should we use available intel to adjust our stratified random sampling.
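As an added illustration of the sampling engine described in this issue (this is example code written for this discussion, not the project's implementation), the following Python sketch turns the three heuristics above into a candidate-address generator: it excludes the network and broadcast addresses, always keeps the first and last host-addressable addresses (the likely router positions), spreads the remaining budget across equal-sized strata with a random pick from each, and offers a neighbor expansion for the adjacency heuristic. The function names, the `strata`/`per_stratum`/`radius` parameters and the `seed` argument are assumptions for the example; only address arithmetic is performed, so it works unchanged on IPv6 ranges too large to enumerate.

```python
import ipaddress
import random


def _net_bounds(cidr):
    """Parse a CIDR and return (network, first_host_int, last_host_int).

    Applies the issue's heuristic: the first and last addresses of a network
    are the network and broadcast addresses and are not host targets.
    Networks with fewer than 4 addresses (/31, /32, /127, /128) have no such
    reserved ends in practice, so every address is treated as a host there.
    (Example code; the 4-address cutoff is an assumption of this sketch.)
    """
    net = ipaddress.ip_network(cidr, strict=False)
    lo = int(net.network_address)
    hi = lo + net.num_addresses - 1
    if net.num_addresses >= 4:
        return net, lo + 1, hi - 1
    return net, lo, hi


def stratified_sample(cidr, strata=8, per_stratum=2, seed=None):
    """Stratified random sample of host addresses in `cidr`.

    - First and last host-addressable IPs are always included (router guess).
    - The host range is cut into `strata` equal slices; `per_stratum` random
      addresses are drawn from each slice, so every part of the range is
      represented instead of the sample clustering at one end.
    - Integer arithmetic only: a /64 or /48 is never materialised as a list.
    Returns ipaddress objects in ascending order, deduplicated.
    """
    net, lo, hi = _net_bounds(cidr)
    addr_cls = type(net.network_address)  # IPv4Address or IPv6Address
    rng = random.Random(seed)             # seed only for reproducibility
    span = hi - lo + 1
    strata = max(1, min(strata, span))    # never more strata than addresses
    picks = {lo, hi}
    for i in range(strata):
        s_lo = lo + (span * i) // strata
        s_hi = lo + (span * (i + 1)) // strata - 1
        for _ in range(per_stratum):
            picks.add(rng.randint(s_lo, s_hi))
    return [addr_cls(x) for x in sorted(picks)]


def neighbors(cidr, found, radius=2):
    """Adjacency heuristic: once `found` responds, queue the addresses within
    `radius` of it, clipped to the host-addressable range of `cidr`."""
    net, lo, hi = _net_bounds(cidr)
    addr_cls = type(net.network_address)
    f = int(ipaddress.ip_address(found))
    return [addr_cls(x)
            for x in range(max(lo, f - radius), min(hi, f + radius) + 1)
            if x != f]


if __name__ == "__main__":
    # Constructed sample inputs (documentation ranges, not real targets).
    for a in stratified_sample("192.0.2.0/24", strata=4, per_stratum=1, seed=7):
        print(a)
    print(neighbors("192.0.2.0/24", "192.0.2.1", radius=2))   # [192.0.2.2, 192.0.2.3]
    print(stratified_sample("2001:db8::/64", strata=4, per_stratum=2, seed=3)[0])  # 2001:db8::1
```

The budget is `2 + strata * per_stratum` probes at most per network regardless of prefix length, which is the property that makes IPv6 ranges tractable; the prior knowledge the issue talks about (observed patterns, past results) would plug in as per-stratum weights or extra fixed picks rather than changing the sampling structure.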