Re: [fw-wiz] scanning...
From: Julian M D (julianmd_at_gmail.com)
To: "Hile.William@epamail.epa.gov" <Hile.William@epamail.epa.gov>
Date: Thu, 3 Nov 2005 00:10:07 -0500
I feel your pain, I'm exactly in the same situation. Here's what helped me
get the big picture!
On 11/2/05, Hile.William@epamail.epa.gov <Hile.William@epamail.epa.gov> wrote:
> NMAP would be an excellent tool... you can put in the IP range or subnet
> with that... As far as traversing firewalls... it will only report what
> ports are allowed through the firewall for each host... so you are firewall
> ruleset dependent so it may not give you complete results for a host on the
> other side of a firewall... It will report as an example port 80 is allowed
> through and httpd is running on the host in question so it will report that
> service but smtpd is also running on the server however it's not allowed
> through the firewall from you so you will not know it's listening because you
> can't see the port... so you are basically bound to your firewall rule set
> there could be servers beyond your firewall that are up and functional but
> that you do not have access to any of the services running on them so from
> your perspective they will essentially be down.
> Brian Loe <firstname.lastname@example.org>
> 11/02/2005 02:31 PM
> To: William Hile/RTP/USEPA/US@EPA
> cc: email@example.com
> Subject: Re: [fw-wiz] scanning...
> I was going to mention nmap - which I wouldn't mind using in this effort
> at all. The question is, will it traverse the firewalls?
> Isn't there a "true" management network operation you can use on Cisco
> boxes that works as a "private VLAN" and can be passed via most any device - even
> a PIX (and they think they're a part of VLAN 1 or whatever, right?)? Words
> in "s are there for a lack of better ones, or my lack of understanding.
> On 11/2/05, Hile.William@epamail.epa.gov <Hile.William@epamail.epa.gov> wrote:
> I think I would approach this from a ummm hacker mentality... I know a
> little info and I need to gain all the information I can.. I think I would
> probably start with something simple like Angry IP Scanner and input the
> subnet (of course make sure you have permission to scan the network) and go
> from there. There are tons of free tools out there that can IP walk and OS
> guess but just make sure you have full permission to make your scans before
> doing so. humm seems that WhatsUp Gold (there's a free trial out there) will
> do network discovery and even seems that it will do so via whatever port you
> choose... It's been a while since I used it... and I know it will monitor your
> server/workstations via whatever port but I can't remember how it does net
> discovery... And if you have free rein of the network use this as a
> learning exp and try out several ways to do what you are trying to
> accomplish... and see which one is better and or produces the most output...
> I wish you luck
> Let me know how things turn out.....
> Brian Loe <firstname.lastname@example.org>
> Sent by: firstname.lastname@example.org
> 11/02/2005 09:22 AM
> Subject: [fw-wiz] scanning...
> Let me ask all of you a fairly generic question that should garner
> lots of different ideas. Let us say that you have gone to work for a
> new company as a network admin. It is a fairly complex network with
> multiple routers, switches and firewalls (a firewall for every router,
> let's say). The current network team has no formal training and has
> done all of its learning on the job, following a contracting company
> who was paid to initially set up the network.
> Okay, so how would you go about mapping out this network? You don't
> have the understanding of devices by name yet, and each device is
> likely to have 20 interfaces on it, with 20 IPs for 20 networks! You
> live on a "management network", but it's only "management" because
> it's a subnet which has been given telnet access to all of the devices
> on the network - in other words, scanning with your usual tool (LAN
> MapShot from Fluke - in my case, because it CAN start a pretty good
> network diagram directly in Visio) from your "management" network
> won't show you anything more than it will from any other subnet.
> Follow what I mean? Ideas? Pretend the network is yours and you're
> free to change anything you want - where would you start?
firewall-wizards mailing list
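The two caveats raised in the thread above (a host whose probed ports are all filtered looks "essentially down" from where you scan, and a scan from the so-called management subnet may show nothing more than one from any other subnet) can be made concrete by post-processing scan output. The following Python is an added example, not code from any poster in this thread: it parses nmap's grepable (-oG) output, labels each host by what the scanning vantage point can actually see, and diffs two scans of the same hosts taken from different subnets so that firewall-blocked services show up as state changes rather than as "down" hosts. The sample output and addresses are constructed for the example; the -oG field layout (port/state/protocol/owner/service/rpc/version) is nmap's own.

```python
from collections import defaultdict

# Constructed sample of nmap -oG output as seen from the "management" subnet.
# Not a real scan; addresses are RFC 1918 placeholders.
SAMPLE_MGMT = """# Nmap 7.94 scan initiated as: nmap -oG - -p 22,25,80 10.0.0.0/29
Host: 10.0.0.5 ()\tStatus: Up
Host: 10.0.0.5 ()\tPorts: 22/open/tcp//ssh///, 25/filtered/tcp//smtp///, 80/open/tcp//http///\tIgnored State: closed (0)
Host: 10.0.0.9 ()\tStatus: Up
Host: 10.0.0.9 ()\tPorts: 22/filtered/tcp//ssh///, 25/filtered/tcp//smtp///, 80/filtered/tcp//http///\tIgnored State: filtered (0)
Host: 10.0.0.12 ()\tStatus: Up
Host: 10.0.0.12 ()\tPorts: 22/open/tcp//ssh///, 25/open/tcp//smtp///, 80/open/tcp//http///\tIgnored State: closed (0)
# Nmap done -- 3 IP addresses (3 hosts up)
"""

# Constructed sample of the same hosts scanned from the server segment itself,
# i.e. with no firewall between scanner and targets.
SAMPLE_LOCAL = """# Nmap 7.94 scan initiated as: nmap -oG - -p 22,25,80 10.0.0.0/29
Host: 10.0.0.5 ()\tPorts: 22/open/tcp//ssh///, 25/open/tcp//smtp///, 80/open/tcp//http///\tIgnored State: closed (0)
Host: 10.0.0.9 ()\tPorts: 22/open/tcp//ssh///, 25/open/tcp//smtp///, 80/open/tcp//http///\tIgnored State: closed (0)
Host: 10.0.0.12 ()\tPorts: 22/open/tcp//ssh///, 25/open/tcp//smtp///, 80/open/tcp//http///\tIgnored State: closed (0)
"""


def parse_grepable(text):
    """Return {ip: {port: state}} from nmap grepable (-oG) output.

    Each 'Host:' line is tab-separated into 'Key: value' chunks; the 'Ports'
    chunk lists comma-separated entries whose first three '/'-fields are
    port, state and protocol.
    """
    result = defaultdict(dict)
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # comment lines and the trailer are skipped
        fields = {}
        for chunk in line.split("\t"):
            key, _, value = chunk.partition(": ")
            fields[key] = value
        ip = fields["Host"].split()[0]  # drop the "(hostname)" part
        ports = fields.get("Ports")
        if not ports:
            continue  # 'Status: Up' lines carry no port data
        for entry in ports.split(", "):
            port, state, _proto = entry.split("/")[:3]
            result[ip][int(port)] = state
    return dict(result)


def classify(hosts):
    """Label each host by what this vantage point can actually see.

    A host with only filtered ports is not necessarily down; it is simply
    unreachable through the firewall rules that sit between scanner and host.
    """
    summary = {}
    for ip, ports in hosts.items():
        open_ports = sorted(p for p, s in ports.items() if s == "open")
        filtered = sorted(p for p, s in ports.items() if s == "filtered")
        if not open_ports and filtered:
            label = "fully filtered (looks down from here; firewall-bound)"
        elif filtered:
            label = "partially visible (firewall hides %d of %d probed ports)" % (
                len(filtered), len(ports))
        else:
            label = "fully visible from this vantage point"
        summary[ip] = {"open": open_ports, "filtered": filtered, "label": label}
    return summary


def compare_vantage(scan_a, scan_b):
    """Ports whose state differs between two scans of the same hosts.

    A port 'filtered' from one subnet and 'open' from another is being blocked
    by a rule between the first scanner and the host, which is exactly the
    information a single scan cannot give you.
    """
    diffs = {}
    for ip in set(scan_a) | set(scan_b):
        a, b = scan_a.get(ip, {}), scan_b.get(ip, {})
        changed = {p: (a.get(p, "not probed"), b.get(p, "not probed"))
                   for p in set(a) | set(b) if a.get(p) != b.get(p)}
        if changed:
            diffs[ip] = changed
    return diffs


if __name__ == "__main__":
    mgmt = parse_grepable(SAMPLE_MGMT)
    for ip, info in sorted(classify(mgmt).items()):
        print(ip, info["label"], "open=%s filtered=%s" % (info["open"], info["filtered"]))
    for ip, changed in sorted(compare_vantage(mgmt, parse_grepable(SAMPLE_LOCAL)).items()):
        print(ip, "differs by vantage point:", changed)
```

Run it against real `-oG` files written with `nmap -oG scan.gnmap ...` from each subnet you have authority to scan, and feed both files to `compare_vantage`; every entry it returns is a firewall rule you now know exists between those two vantage points, which is the start of the map the original question asks for.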