The goal was to identify which IP addresses are alive without triggering IDS alarms.
| Host IP | Open Ports | Service | Risk Level | | :--- | :--- | :--- | :--- | | 192.168.1.10 | 22, 80, 3306 | SSH, HTTP, MySQL | | | 192.168.1.15 | 23 (Telnet) , 3389 | Telnet, RDP | Critical | | 192.168.1.22 | 139, 445, 139 | SMB | High | watch linkedin ethical hacking: scanning networks
This scan was loud . A mature SOC would have detected us within 3 minutes. For a stealthy red team, next steps would involve slow, fragmented scans or DNS tunneling. However, for internal hygiene, this "noisy" report gives the clearest fix list. The goal was to identify which IP addresses
We ran nmap --script vuln on the top 3 risky hosts. For a stealthy red team, next steps would
Using nmap -O -sV , we identified specific versions: