Re: [fw-wiz] scanning...
Date: 11/02/05

    To: Brian Loe <>
    Date: Wed, 02 Nov 2005 14:41:53 -0500

    NMAP would be an excellent tool... you can put in the IP range or subnet
    with that... As far as traversing firewalls... it will only report what
    ports are allowed through the firewall for each host... so you are
    firewall ruleset dependent so it may not give you complete results for a
    host on the other side of a firewall... It will report as an example port
    80 is allowed through and httpd is running on the host in question so it
    will report that service but smtpd is also running on the server however
    it's not allowed through the firewall from you so you will not know it's
    listening because you can't see the port... so you are basically bound to
    your firewall rule set there could be servers beyond your firewall that
    are up and functional but that you do not have access to any of the
    services running on them so from your perspective they will essentially be


    Brian Loe <>
    11/02/2005 02:31 PM

    William Hile/RTP/USEPA/US@EPA
    Re: [fw-wiz] scanning...

    I was going to mention nmap - which I wouldn't mind using in this effort
    at all. The question is, will it traverse the firewalls?

    Isn't there a "true" management network operation you can use on Cisco
    boxes that work as a "private VLAN" and be passed via most any device -
    even a PIX (and they think they're a part of VLAN 1 or whatever, right?)?
    Words in "s are there for a lack of better ones, or my lack of

    On 11/2/05, <>

    I think I would approach this from a ummm hacker mentality... I know a
    little info and I need to gain all the information I can.. I think I would
    probably start with something simple like Angry IP Scanner and input the
    subnet (of course make sure you have permission to scan the network) and
    go from there. There are tons of free tools out there that can ip walk and
    OS guess but just make sure you have full permission to make your scans
    before doing so. humm seems that WhatsUp Gold (there's a free trial out
    there) will do network discovery and even seems that it will do so via
    whatever port you choose... It's been a while since I used it... and I know
    it will monitor your server/workstations via whatever port but I can't
    remember how it does net discovery... And if you have free rein of the
    network use this as a learning exp and try out several ways to do what you
    are trying to accomplish... and see which one is better and/or produces
    the most output...

    I wish you luck

    Let me know how things turn out.....


    Brian Loe <>
    Sent by:
    11/02/2005 09:22 AM


    [fw-wiz] scanning...

    Let me ask all of you a fairly generic question that should garner
    lots of different ideas. Let us say that you have gone to work for a
    new company as a network admin. It is a fairly complex network with
    multiple routers, switches and firewalls (a firewall for every router,
    let's say). The current network team has no formal training and have
    done all of their learning on the job, following a contracting company
    who was paid to initially set up the network.

    Okay, so how would you go about mapping out this network? You don't
    have the understanding of devices by name yet, and each device is
    likely to have 20 interfaces on it, with 20 IPs for 20 networks! You
    live on a "management network", but it's only "management" because
    it's a subnet which has been given telnet access to all of the devices
    on the network - in other words, scanning with your usual tool (LAN
    MapShot from Fluke - in my case, because it CAN start a pretty good
    network diagram directly in Visio) from your "management" network
    won't show you anything more than it will from any other subnet.

    Follow what I mean? Ideas? Pretend the network is yours and you're
    free to change anything you want - where would you start?
    firewall-wizards mailing list
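
The point made in the thread, that a scan run through a firewall only shows what the ruleset lets through, can be read off nmap's own results. The following is an added example, not part of any message in the thread: it parses nmap XML output (as written by the -oX option) and separates ports the host answered on from ports where the probe was filtered. The sample XML and its addresses are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in nmap's XML output format; addresses are from the
# 192.0.2.0/24 documentation range.
SAMPLE_XML = """<nmaprun scanner="nmap">
  <host><status state="up"/><address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="25"><state state="filtered" reason="no-response"/></port>
      <port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/></port>
      <port protocol="tcp" portid="443"><state state="closed" reason="reset"/></port>
    </ports></host>
  <host><status state="up"/><address addr="192.0.2.20" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="filtered" reason="no-response"/></port>
      <port protocol="tcp" portid="80"><state state="filtered" reason="no-response"/></port>
    </ports></host>
</nmaprun>"""


def summarize(xml_text):
    """Return {address: {"open": [...], "closed": [...], "filtered": [...]}}."""
    result = {}
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        states = {"open": [], "closed": [], "filtered": []}
        for port in host.iter("port"):
            state = port.find("state").get("state")
            # "open" and "closed" both mean the probe reached the host and it
            # answered; "filtered" means something in the path dropped the
            # probe, so a listening service there cannot be ruled in or out.
            states.setdefault(state, []).append(int(port.get("portid")))
        result[addr] = states
    return result


def blind_spots(summary):
    """Hosts where every probed port was filtered: the scan says nothing about
    what runs there, so they need checking from inside the firewall."""
    return sorted(addr for addr, s in summary.items()
                  if s["filtered"] and not s["open"] and not s["closed"])


if __name__ == "__main__":
    summary = summarize(SAMPLE_XML)
    for addr, states in summary.items():
        print(addr, states)
    print("no visibility from this vantage point:", blind_spots(summary))
```
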
