Firewall Wizards: Re: scanning...

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Firewall Wizards mailing list archives

Re: scanning...

From: Hile.William () epamail epa gov
Date: Wed, 02 Nov 2005 14:41:53 -0500

NMAP would be an excellent tool... you can put in the IP range or subnet 
with that... As far as traversing firewalls... it will only report what 
ports are allowed through the firewall for each host... so you are 
firewall ruleset dependant so it may not give you complete results for a 
host on the other side of a firewall... It will report as an example port 
80 is allowed through and httpd is running on the host in question so it 
will report that service but smptd is also running on the server however 
its not allowed through the firewall from you so you will not know its 
listening because you cant see the port... so you are basically bound to 
your firewall rule set  there could be servers beyond your firewall that 
are up and functional but that you do not have access to any of the 
services running on them so from your perspective they will essentially be 
down. 



William 




Brian Loe <knobdy () gmail com> 
11/02/2005 02:31 PM

To
William Hile/RTP/USEPA/US () EPA
cc
firewall-wizards () honor icsalabs com, 
firewall-wizards-admin () honor icsalabs com
Subject
Re: [fw-wiz] scanning...






I was going to mention nmap - which I wouldn't mind using in this effort 
at all. The question is, will it traverse the firewalls?

Isn't there a "true" management network operation you can use on Cisco 
boxes that work as a "private VLAN" and be passed via most any device - 
even a PIX (and they think they're a part of VLAN 1 or whatever, right?)? 
Words in "s are there for a lack of better ones, or my lack of 
understanding. 

On 11/2/05, Hile.William () epamail epa gov < Hile.William () epamail epa gov> 
wrote:

Brian, 
I think I would approach this from a ummm hacker mentatility... I know a 
little info and I need to gain all the information I can.. I think I would 
probably start with something simple like angry IP scanner and input the 
subnet (of  course make sure you have permission to scan the network) and 
go from there. There are tons of free tools out there that can ip walk and 
OS guess but just make sure you have full permission to make you scans 
before doing so. humm seems that whatsup gold (there's a free trial out 
there) will do network discovery and even seems that it will do so via 
whatever port you choose... Its been awhile since i used it... and I know 
it will monitor your server/workstations via whatever port but I cant 
remember how it does net discovery... And if you have free reign of the 
network use this as a learning exp and try out several ways to do what you 
are trying to accomplish... and see which one is better and or produces 
the most output... 

I wish you luck 

Let me know how things turn out..... 

William 



Brian Loe <knobdy () gmail com> 
Sent by: firewall-wizards-admin () honor icsalabs com 
11/02/2005 09:22 AM 


To
firewall-wizards () honor icsalabs com 
cc

Subject
[fw-wiz] scanning...








Let me ask all of you a fairly generic question that should garner
lots of different ideas. Let us say that you have gone to work for a
new company as a network admin. It is a fairly complex network with
multiple routers, switches and firewalls (a firewall for every router,
let's say). The current network team has no formal training and have
done all of their learning on the job, following a contracting company
who was paid to initially setup the network.

Okay, so how would you go about mapping out this network? You don't
have the understanding of devices by name yet, and each device is
likely to have 20 interfaces on it, with 20 IPs for 20 networks! You
live on a "management network", but it's only "management" because
it's a subnet which has been given telnet access to all of the devices
on the network - in other words, scanning with your usual tool (LAN
MapShot from Fluke - in my case, because it CAN start a pretty good
network diagram directly in Visio) from your "management" network
won't show you anything than it will from any other subnet.

Follow what I mean? Ideas? Pretend the network is yours and you're
free to change anything you want - where would you start?
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

By Date By Thread

Current thread:

RE: scanning..., (continued)
- Re: scanning... Paul D. Robertson (Nov 06)
  - Re: scanning... Jim MacLeod (Nov 06)
  - Re: scanning... Oddbjørn Steffensen (Nov 10)
- Re: scanning... Carric Dooley (Nov 16)
- Re: scanning... Hile . William (Nov 02)
  - Re: scanning... Julian M D (Nov 04)
    - Re: scanning... Brian Loe (Nov 04)
    - Re: scanning... Julian M D (Nov 04)