mailing list archives
[PEN-TEST] Network Mapping (was Re: [PEN-TEST] How to "break into" the Pen-Testing field)
From: batz <batsy () VAPOUR NET>
Date: Tue, 12 Sep 2000 09:11:07 -0400
On Mon, 11 Sep 2000, Carric Dooley wrote:
:- I think the best tools for network mapping may be the free stuff (used
:Visio 2K Enterprise... extremely painful. The SolarWinds stuff is nice
:though. That with nmap, nlog can go a long way. SolarWinds or SuperScanner
:are extremely fast and can give you a host list to work with. I would maybe
:go back with those host lists and feed them to ISS Scanner, and nmap. Maybe
:cybercop or nessus too. Depends on what you are trying to accomplish.
Mapping the network, and making a network map require seperate tools.
Mapping is best done with nessus, firewalk, ping, traceroute, and
the route servers for network and transport layer. tcpdump, arp and
anti-sniff for ethernet/link layer. Nmap is fine for session. Application,
well, that's brute forcers, skriptz, whisker, and good old fashioned
kung-f00 with some genuine clue thrown in for good measure.
Some of the commercial tools do mapping AFAIK, and are useful for comparing
your results to, but pointing tkined, visio 2k, or cheops at a network
probably won't give you a thorough picture. If you wouldn't bill your
clients for cookie cutter cybercop/iss/retina/nmap/nessus reports, why
would you bill them for the same from a network mapping package?
Making a network map; White board, and visio has cute widgets.
Each layer of the protocol stack is a map unto itself. Tool based
methodologies have the inherant problem of a top down approach.
They enumerate services and their associated vulnerabilities and
then induce that by there being a service and vuln, there must be a
host, which implies a network, and vaguely suggests an underlying
Seems logical right? It is, but it's still wrong. It's consistant
with an inductive method, it's true within the scope of what is required
for a network to exist, but it's totally incomplete.
Re: [PEN-TEST] How to "break into" the Pen-Testing field J. Oquendo (Sep 10)
Re: [PEN-TEST] How to "break into" the Pen-Testing field Oliver Petruzel (Sep 11)
Re: [PEN-TEST] How to "break into" the Pen-Testing field Litscher, Steven (Sep 11)
Re: [PEN-TEST] How to "break into" the Pen-Testing field Dunker, Noah (Sep 11)
Re: [PEN-TEST] How to "break into" the Pen-Testing field Chris Romeo (Sep 11)
Re: [PEN-TEST] How to "break into" the Pen-Testing field Rossman, Hart M. (Sep 11)