Re: [fw-wiz] scanning...

From: Paul D. Robertson (paul_at_compuwar.net)
Date: 11/06/05

    To: Brian Loe <knobdy@gmail.com>
    Date: Sun, 6 Nov 2005 13:02:20 -0500 (EST)
    
    

    On Wed, 2 Nov 2005, Brian Loe wrote:

    > Let me ask all of you a fairly generic question that should garner
    > lots of different ideas. Let us say that you have gone to work for a
    > new company as a network admin. It is a fairly complex network with
    > multiple routers, switches and firewalls (a firewall for every router,
    > let's say). The current network team has no formal training and have
    > done all of their learning on the job, following a contracting company
    > who was paid to initially setup the network.
    >
    > Okay, so how would you go about mapping out this network? You don't

    1. Have the current staff draw diagrams as they understand the network.
    2. Chase as many wires as you can, documenting what's connected where.
    3. Put switches into mirroring mode and sniff for addresses (IP and MAC)
    and scan the ranges you sniffed (IP and MAC).
    4. While you're on each switch, actively scan using whatever you're
    comfortable with.
    5. Cheops-ng isn't too bad a place to start.
    6. If you have Windows boxes, use WMI to enumerate systems/interfaces.
    7. If someone has SNMP enabled on stuff, use that to enumerate stuff.
    8. Scan broadcast addresses for things which will answer to global
    ethernet or IP broadcast addresses, then natural subnet broadcast
    addresses.
    9. Get MAC addresses off the switches, if the switches don't do that,
    then swap them out.

    Paul
    -----------------------------------------------------------------------------
    Paul D. Robertson "My statements in this message are personal opinions
    paul@compuwar.net which may have no basis whatsoever in fact."
    fora.compuwar.net Infosec discussion boards

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

