How is the Selket Identification Phase useful?

What does Selket do?

How does Selket work?

Does Selket perform a ping scan?

I know I have more machines than are shown by Selket. Why aren't they displayed?

Some machines that I did not expect to see are shown by Selket. Why?

How is the Selket Identification Phase useful?
Selket is a network discovery tool that finds the computers in a given domain and provides limited information about them. It detects devices and services running without authorization (i.e. placed by a non-authorized user). It also finds weaknesses caused by DNS server and firewall misconfigurations. Networks evolve continually, and changes in firewall rules or DNS set-ups may allow intruders to find more information than they should.

What does Selket do?
Only limited information is gathered for each host identified, so that the scan is as unintrusive as possible.

For each device, Selket checks:

  • whether any routers are present
  • the operating system it is running
  • open TCP ports (FTP [21], SSH [22], TELNET [23], SMTP [25], DNS [53], HTTP [80], POP [110], NETBIOS [135 and 139] and HTTPS [443])

Selket displays the results in graphical and table format. The table format is easier to manage when many hosts are found.

How does Selket work?
Selket simply takes an Internet domain name, e.g. "yourname.com". It relies on the domain's DNS and the netblock information to find as many computers within that domain as it can. Selket uses many methods to find hosts:

  • AXFR: Selket identifies the name server (NS) that has authority over this domain and sends a request to list all the hosts managed by this name server. However, this request is not always allowed, and the administrator must forbid it.
  • FQDN brute force: Selket uses a proprietary list of roughly 100 common names (such as www, ftp) to form a list of fully qualified domain names (FQDN). Selket then queries the NS to find the IP addresses assigned to the FQDN.
  • IP brute force: when Selket finds a target, it uses the IP address to determine the netblock and processes the result to see if the corresponding FQDN belongs to the domain.
  • The TCP scan employs technology completely developed by our partner company, Qualys.


Does Selket perform a ping scan?
Yes, if we are sure that the netblock is the property of the customer (we check this with a whois lookup). In other cases, Selket will not perform a ping scan.

I know I have more machines than are shown by Selket. Why aren't they displayed?
Some possible reasons:

  • The machines are not recorded in the public DNS.
  • They are recorded in the DNS, but not correctly.
  • They are aliases, and their IP addresses have already been found (e.g. www.foo.com and foo.foo.com are aliases if both names point to the same IP address). Selket will show only one machine per IP address.


Some machines that I did not expect to see are shown by Selket. Why?
The machines are recorded in the name server that has authority over the subscriber's domain.
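
The following added example (not part of Selket or of the original FAQ) reconciles an asset inventory with the public DNS records of a domain, reproducing the cases from the last two answers: machines missing from the DNS, machines recorded incorrectly, aliases collapsed to one machine per IP address, and names present in the zone that the owner did not expect. The records, the inventory, the function name and the rule for choosing which alias is displayed are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample: public A records of the zone (documentation addresses).
DNS_RECORDS = [
    ("www.foo.com", "192.0.2.10"),
    ("foo.foo.com", "192.0.2.10"),   # alias: same IP address as www
    ("mail.foo.com", "192.0.2.25"),
    ("ftp.foo.com", "192.0.2.99"),   # recorded, but with the wrong address
    ("test.foo.com", "192.0.2.77"),  # in the zone, unknown to the inventory
]

# Constructed sample: what the owner believes is deployed (name -> IP).
INVENTORY = {
    "www.foo.com": "192.0.2.10",
    "foo.foo.com": "192.0.2.10",
    "mail.foo.com": "192.0.2.25",
    "ftp.foo.com": "192.0.2.21",
    "db.foo.com": "192.0.2.40",      # never published in the public DNS
}

def norm(name):
    """Compare names case-insensitively and without the trailing root dot."""
    return name.lower().rstrip(".")

def reconcile(dns_records, inventory):
    """Explain differences between an inventory and a DNS-based host list."""
    by_ip, dns_ip = defaultdict(list), {}
    for name, ip in dns_records:
        by_ip[ip].append(norm(name))
        dns_ip[norm(name)] = ip
    inv = {norm(n): ip for n, ip in inventory.items()}
    # One machine per IP address. Assumption: the alphabetically first name
    # is the one displayed; the FAQ does not say which alias is kept.
    displayed = {ip: sorted(names)[0] for ip, names in by_ip.items()}
    return {
        "displayed": displayed,
        "hidden_aliases": sorted(n for ip, names in by_ip.items()
                                 for n in names if n != displayed[ip]),
        "not_in_dns": sorted(n for n in inv if n not in dns_ip),
        "wrong_record": sorted(n for n in inv
                               if n in dns_ip and dns_ip[n] != inv[n]),
        "unexpected": sorted(n for n in dns_ip if n not in inv),
    }

if __name__ == "__main__":
    for key, value in reconcile(DNS_RECORDS, INVENTORY).items():
        print(f"{key}: {value}")
```

Names listed under `unexpected` are the ones to review first: they are published by the authoritative name server but absent from the inventory.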

Copyright 2002 Atum Corporation *All rights reserved