Re: Network discovery
From: Byron Sonne (blsonne_at_rogers.com)
Date: 02/03/04
- Previous message: Donald Gerkin: "Security Evaluation Project"
- In reply to: Tran, John: "RE: Network discovery"
- Next in thread: Moody, Chris: "RE: Network discovery"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 02 Feb 2004 18:59:20 -0500 To: security-basics@securityfocus.com
> I would like to ask all of you, if you have every used a network discovery
> tool? I have a network with more than 5000 PC's and more than 70 sites in
> the country. I would like to create an analysis about the network nodes,
> line between them, speed of the lines etc. Would it be possible with a tool
> to discover the whole internal network, with routers, gateways and all the
> important datas?
No.
You could run a number of utilities/programs which will enumerate
alot/most of the devices on your network and provide quite a bit of
information.
It will help you compose a map, but nothing that you can plop on a
computer and run or plug into your network will give you a truly good
map unless your network is configured perfectly, uses common hardware,
has a fairly vanilla config, etc. Even then, I seriously doubt you'll
get a complete picture. I think bad information is worse than no
information at all as it can lead you to make false assumptions. Also,
consider the case that if *you* can get all the information, perhaps a
*cracker* (which is what most people mean when they abuse and misuse the
term 'hacker') could too.
But I digress... there are a number of gotchas you must be aware of.
Some of these gotchas are:
(1) devices that only listen; they don't transmit on the network. Not
just sniffers.
(2) Filtering or Translating proxies of whatever description.
(3) NAT (Network Address Translation)
(4) Firewalls
(5) Custom hardware/software/protocols
(6) Encryption
(7) Temporary power or network outages
(8) Design deficiencies in standard network protocols
Some things that can help out alot are:
(a) Good documentation
(b) Well labelled cabling and devices
(c) A sane overall architecture
(d) Good, knowledgeable people
(e) Good tools. Good starter link: http://www.insecure.org/tools.html
(f) Things like Cisco CDP, etc.
You and your skills are the most important thing of all, so read and
learn as much as possible.
Regards,
Byron Sonne
-- For Good, return Good. For Evil, return Justice. --------------------------------------------------------------------------- Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any course! All of our class sizes are guaranteed to be 10 students or less. We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, and many other technical hands on courses. Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off any course! ----------------------------------------------------------------------------
- Previous message: Donald Gerkin: "Security Evaluation Project"
- In reply to: Tran, John: "RE: Network discovery"
- Next in thread: Moody, Chris: "RE: Network discovery"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
