Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: [PEN-TEST] Network Access Device Scanning
From: "Teicher, Mark" <mark.teicher () NETWORKICE COM>
Date: Sun, 10 Sep 2000 11:21:03 -0700

Carv,

Good answer, but if one looks at the typical commercial scanners available,
they have about 4 checks for Network Access Devices, and that is about it.

On some of the Network Access Devices, Telnet is not an option (as in the
case of a CSU/DSU set with no password) or a APC UPS which has http, ftp,
and tftp default on but not telnet.

SNMP is good to a point is the community strings and access control lists
have not been set (usually public, private and no access control list).

What the ideal would be is to create a scanner that could properly identify
a Network Access Device, once it had identified it, go through a list of
vulnerabilities, exploits, and Industry Best Practices check (ACL LINT or
something  like that), and produce a report similiar to a commercially
available scanner.

This would be a useful tool when engaged to conduct a security assessment
on a large Service Provider with big pipes (i.e. Foundry, High End Cisco,
Lucent Switches).

The info should be split into two parts:

Unresponsive Hosts
Responsive Hosts with info

At 11:49 AM 9/10/00 +0000, H Carvey wrote:
Mark,

I would think that you have a couple of options
available to you:

1.  Using Perl, create a script using Net::Telnet
that accesses the devices.  I believe that there
is even a Cisco-specific Perl module that may work
for you.  Assuming that this information is part
of an internal vulnerability assessment, there
should be no problem getting the necessary
passwords from the network admins...and that
information (ie, passwords strength, if the
password varies between systems, etc) can also
assist your assessment.

2.  Using Perl, create a script using
Net::SNMP...and collect the necessary information
from MIB-II.  If you need info from
vendor-specific MIBs, that info can go into a db
table of some sort.

Carv


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]