RE: Topology discover

• Previous message: mikem_at_tridigitalenterprises.com: "Ballpark figures on a PBX assessment"
• Maybe in reply to: RSMC: "Topology discover"
• Next in thread: Steve McLaughlin: "RE: Topology discover"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 28 Sep 2005 10:20:27 -0400
To: "RSMC" <smcsoc@yahoo.es>, <pen-test@securityfocus.com>

Lumeta does this. :D

(How's that for a shameless plug? ;) )

Sam

-----Original Message-----
From: RSMC [mailto:smcsoc@yahoo.es]
Sent: Wednesday, September 21, 2005 4:57 PM
To: pen-test@securityfocus.com
Subject: Topology discover

Hi there,

I am currently performing a pen-test in the internal network of a company.
I am used to pen-testing systems and the set of applications they
support, looking for vulnerabilities in software version, logic or
misconfiguration.
I have also considered routing and protocol attacks as ARP spoofing and
RIP packet injection.

But I think I am missing some techniques to find out what the topology
is. I know about traceroute, firewalk and CDP, but I would like to know
if there is a whitepaper or documentation that explains how to find out
as much as possible about the enviroment I am in. Help about discovering
VLANs is also welcomed.

Thanks in advance.

----------------------------------------------------------------------------

--
Audit your website security with Acunetix Web Vulnerability Scanner: 
Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for
vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers
do! 
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
----------------------------------------------------------------------------
---

• application/x-pkcs7-signature attachment: smime.p7s

• Previous message: mikem_at_tridigitalenterprises.com: "Ballpark figures on a PBX assessment"
• Maybe in reply to: RSMC: "Topology discover"
• Next in thread: Steve McLaughlin: "RE: Topology discover"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages RE: Pen-Test and Social Engineering ... may and should be a SE aspect of said Pen-Test. ... I know a place where the security guard barely ... Time of the attacks. ... Audit your website security with Acunetix Web Vulnerability Scanner: ... (Pen-Test) Re: Pen-Test and Social Engineering ... Subject: Pen-Test and Social Engineering ... Hackers are concentrating their efforts on attacking applications on your ... Up to 75% of cyber attacks are launched on shopping carts, forms, ... Check your website for ... (Pen-Test) RE: Business justification for pentesting ... A comprehensive onsite review can include a pen-test component, ... >Audit your website security with Acunetix Web Vulnerability Scanner: ... Up to 75% of cyber attacks are launched on shopping carts, ... (Pen-Test) RE: Pen-Test and Social Engineering ... Subject: Pen-Test and Social Engineering ... Audit your website security with Acunetix Web Vulnerability Scanner: ... Hackers are concentrating their efforts on attacking applications on your ... Up to 75% of cyber attacks are launched on shopping carts, forms, ... (Pen-Test) Re: Pen-Test and Social Engineering ... I would definitely say that social engineering can be considered part of a pen-test. ... Audit your website security with Acunetix Web Vulnerability Scanner: ... Cross site scripting and other web attacks before hackers do! ... (Pen-Test)