Firewall Wizards mailing list archives
Re: Ideas on identifying gateways
From: lists () notatla demon co uk
Date: Fri, 15 Mar 2002 01:18:27 +0000 (GMT)
From: Jeff Boles <bolesjb () yahoo com>
Currently struggling with needing to go into an environment completely blind except for IP space and physical access, and identifying/auditing potential gateways / circuits to other networks. ... Although I'm just getting started really thinking about this, my current approach will consist mostly of sniffing traffic for oddities and router behavior,
One crude measure you could take would be to run netstat or ifconfig or something that shows how many packets have traversed an interface since it was brought up. Running this again at a later time gets you new results and subtraction shows the amount of traffic in that interval. Then you can look for statistical correlations between different interfaces; possibly chaining them together into candidate routes. Nearly 2 years ago I read a paper on "stepping stones", I think by Vern Paxson, and that tool performed traffic analysis that enabled him (among other things) to give tickets for "useless use of ssh" to people who reach their ssh client with a telnet session. Getting as many as possible of the routers to keep logs would help - not every packet but something representative. _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://list.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- Ideas on identifying gateways Jeff Boles (Mar 14)
- Re: Ideas on identifying gateways Gary Flynn (Mar 29)
- <Possible follow-ups>
- Re: Ideas on identifying gateways lists (Mar 15)
- Re: Ideas on identifying gateways Bill_Royds (Mar 15)