mailing list archives
Re: [PEN-TEST] Network Access Device Scanning
From: "Teicher, Mark" <mark.teicher () NETWORKICE COM>
Date: Sun, 10 Sep 2000 11:21:03 -0700
Good answer, but if one looks at the typical commercial scanners available,
they have about 4 checks for Network Access Devices, and that is about it.
On some of the Network Access Devices, Telnet is not an option (as in the
case of a CSU/DSU set with no password) or a APC UPS which has http, ftp,
and tftp default on but not telnet.
SNMP is good to a point is the community strings and access control lists
have not been set (usually public, private and no access control list).
What the ideal would be is to create a scanner that could properly identify
a Network Access Device, once it had identified it, go through a list of
vulnerabilities, exploits, and Industry Best Practices check (ACL LINT or
something like that), and produce a report similiar to a commercially
This would be a useful tool when engaged to conduct a security assessment
on a large Service Provider with big pipes (i.e. Foundry, High End Cisco,
The info should be split into two parts:
Responsive Hosts with info
At 11:49 AM 9/10/00 +0000, H Carvey wrote:
I would think that you have a couple of options
available to you:
1. Using Perl, create a script using Net::Telnet
that accesses the devices. I believe that there
is even a Cisco-specific Perl module that may work
for you. Assuming that this information is part
of an internal vulnerability assessment, there
should be no problem getting the necessary
passwords from the network admins...and that
information (ie, passwords strength, if the
password varies between systems, etc) can also
assist your assessment.
2. Using Perl, create a script using
Net::SNMP...and collect the necessary information
from MIB-II. If you need info from
vendor-specific MIBs, that info can go into a db
table of some sort.