Re: [fw-wiz] scanning...

Hile.William_at_epamail.epa.gov
Date: 11/02/05

  • Next message: Jeff Moss: "[fw-wiz] Black Hat Federal and Europe CFP and Registration now open"
    To: Brian Loe <knobdy@gmail.com>
    Date: Wed, 02 Nov 2005 14:41:53 -0500
    
    

    NMAP would be an excellent tool... you can put in the IP range or subnet
    with that... As far as traversing firewalls... it will only report what
    ports are allowed through the firewall for each host... so you are
    firewall ruleset dependant so it may not give you complete results for a
    host on the other side of a firewall... It will report as an example port
    80 is allowed through and httpd is running on the host in question so it
    will report that service but smptd is also running on the server however
    its not allowed through the firewall from you so you will not know its
    listening because you cant see the port... so you are basically bound to
    your firewall rule set there could be servers beyond your firewall that
    are up and functional but that you do not have access to any of the
    services running on them so from your perspective they will essentially be
    down.

    William

    Brian Loe <knobdy@gmail.com>
    11/02/2005 02:31 PM

    To
    William Hile/RTP/USEPA/US@EPA
    cc
    firewall-wizards@honor.icsalabs.com,
    firewall-wizards-admin@honor.icsalabs.com
    Subject
    Re: [fw-wiz] scanning...

    I was going to mention nmap - which I wouldn't mind using in this effort
    at all. The question is, will it traverse the firewalls?

    Isn't there a "true" management network operation you can use on Cisco
    boxes that work as a "private VLAN" and be passed via most any device -
    even a PIX (and they think they're a part of VLAN 1 or whatever, right?)?
    Words in "s are there for a lack of better ones, or my lack of
    understanding.

    On 11/2/05, Hile.William@epamail.epa.gov < Hile.William@epamail.epa.gov>
    wrote:

    Brian,
    I think I would approach this from a ummm hacker mentatility... I know a
    little info and I need to gain all the information I can.. I think I would
    probably start with something simple like angry IP scanner and input the
    subnet (of course make sure you have permission to scan the network) and
    go from there. There are tons of free tools out there that can ip walk and
    OS guess but just make sure you have full permission to make you scans
    before doing so. humm seems that whatsup gold (there's a free trial out
    there) will do network discovery and even seems that it will do so via
    whatever port you choose... Its been awhile since i used it... and I know
    it will monitor your server/workstations via whatever port but I cant
    remember how it does net discovery... And if you have free reign of the
    network use this as a learning exp and try out several ways to do what you
    are trying to accomplish... and see which one is better and or produces
    the most output...

    I wish you luck

    Let me know how things turn out.....

    William

    Brian Loe <knobdy@gmail.com>
    Sent by: firewall-wizards-admin@honor.icsalabs.com
    11/02/2005 09:22 AM

    To
    firewall-wizards@honor.icsalabs.com
    cc

    Subject
    [fw-wiz] scanning...

    Let me ask all of you a fairly generic question that should garner
    lots of different ideas. Let us say that you have gone to work for a
    new company as a network admin. It is a fairly complex network with
    multiple routers, switches and firewalls (a firewall for every router,
    let's say). The current network team has no formal training and have
    done all of their learning on the job, following a contracting company
    who was paid to initially setup the network.

    Okay, so how would you go about mapping out this network? You don't
    have the understanding of devices by name yet, and each device is
    likely to have 20 interfaces on it, with 20 IPs for 20 networks! You
    live on a "management network", but it's only "management" because
    it's a subnet which has been given telnet access to all of the devices
    on the network - in other words, scanning with your usual tool (LAN
    MapShot from Fluke - in my case, because it CAN start a pretty good
    network diagram directly in Visio) from your "management" network
    won't show you anything than it will from any other subnet.

    Follow what I mean? Ideas? Pretend the network is yours and you're
    free to change anything you want - where would you start?
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards


  • Next message: Jeff Moss: "[fw-wiz] Black Hat Federal and Europe CFP and Registration now open"