RE: Network discovery

[Guillaume Lavoix <glavoix () altadis com>]

Hi,

You can also use HP Openview and select the automatic
Discovery, normally, it is not something that is recommended
To do, but I can assure you that it works, and that you will get
A map with most of your "objects", the only thing is that if you have
To many (network devices), your openview map will soon
Become a mess.

Also HP Openview is not free, so it might be too expensive, for
You budget, nevertheless you can use it for a 1 month trial period.

See you,
Guillaume



-----Mensaje original-----
De: Byron Sonne [mailto:blsonne () rogers com]
Enviado el: martes, 03 de febrero de 2004 0:59
Para: security-basics () securityfocus com
Asunto: Re: Network discovery


> I would like to ask all of you, if you have every used a network
> discovery tool? I have a network with more than 5000 PC's and more
> than 70 sites in the country. I would like to create an analysis about
> the network nodes, line between them, speed of the lines etc. Would it
> be possible with a tool to discover the whole internal network, with
> routers, gateways and all the important datas?

No.

You could run a number of utilities/programs which will enumerate alot/most
of the devices on your network and provide quite a bit of information.

It will help you compose a map, but nothing that you can plop on a computer
and run or plug into your network will give you a truly good map unless your
network is configured perfectly, uses common hardware, has a fairly vanilla
config, etc. Even then, I seriously doubt you'll get a complete picture. I
think bad information is worse than no information at all as it can lead you
to make false assumptions. Also, consider the case that if *you* can get all
the information, perhaps a
*cracker* (which is what most people mean when they abuse and misuse the
term 'hacker') could too.

But I digress... there are a number of gotchas you must be aware of. Some of
these gotchas are:

(1) devices that only listen; they don't transmit on the network. Not just
sniffers.
(2) Filtering or Translating proxies of whatever description.
(3) NAT (Network Address Translation)
(4) Firewalls
(5) Custom hardware/software/protocols
(6) Encryption
(7) Temporary power or network outages
(8) Design deficiencies in standard network protocols

Some things that can help out alot are:
(a) Good documentation
(b) Well labelled cabling and devices
(c) A sane overall architecture
(d) Good, knowledgeable people
(e) Good tools. Good starter link: http://www.insecure.org/tools.html
(f) Things like Cisco CDP, etc.

You and your skills are the most important thing of all, so read and learn
as much as possible.

Regards,
Byron Sonne


--

For Good, return Good. For Evil, return Justice.


---------------------------------------------------------------------------
Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any
course! All of our class sizes are guaranteed to be 10 students or less. We
provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, and
many other technical hands on courses. Visit us at
http://www.infosecinstitute.com/securityfocus to get $720 off any course!
----------------------------------------------------------------------------

---------------------------------------------------------------------------
Ethical Hacking at InfoSec Institute. Mention this ad and get $720 off any 
course! All of our class sizes are guaranteed to be 10 students or less. 
We provide Ethical Hacking, Advanced Ethical Hacking, Intrusion Prevention, 
and many other technical hands on courses. 
Visit us at http://www.infosecinstitute.com/securityfocus to get $720 off 
any course!  
----------------------------------------------------------------------------