Penetration Testing mailing list archives
Re: [PEN-TEST] Network Mapping (was Re: [PEN-TEST] How to "break into" the Pen-Testing field)
From: "Teicher, Mark" <mark.teicher () NETWORKICE COM>
Date: Wed, 13 Sep 2000 10:53:07 -0700
Carric,

The numeric code in the database if properly identified by Visio Auto Discovery is the sysOid. The AutoDiscovery engine is based on SNMP network discovery, and other variants.

Actually if one plays with the scanning (there are internal parameters that aren't documented) parameters one can limit the scope of the scan for a very large network. Basically you have to run multiple discoveries to get a complete picture.

The same issue exists when using HP OpenView Auto Discovery, but there are some people on the list who have found a workaround to make the Discovery process faster.

/mark

At 10:55 AM 9/13/00 -0400, Carric Dooley wrote:

I was referring specifically to the "autolayout" and limitations of OS identification Mark. If you find Visio either does not know what an object is, or ID's it incorrectly, you would have to go back and hand-edit the object special properties. That information is NOT in the database (a numeric code in the database tells Visio which OS tag to use, and that info appears to be inside the app... oh, no way to automate special properties updates either, since that data is part of the vsd and not in the database either).

The scanning is slow as hell too. It reads every route in every route table in every router as it discovers one at a time, and it is essentially impossible to limit the scope of the scan on a large network (Visio defines "one hop" as anything connected to the next routers down stream it finds and there is no way to limit Visio to "0" hops).

For a little network Visio is great, or if you have unlimited time, you can do a large network too, it will just take you about as long as it took to build the pyramids to complete. If you don't believe me, do an autolayout for a network in the thousands of nodes and you will see what I mean. =)

----- Original Message -----
From: "Teicher, Mark" <mark.teicher () NETWORKICE COM>
To: <PEN-TEST () SECURITYFOCUS COM>
Sent: Tuesday, September 12, 2000 2:23 PM
Subject: Re: [PEN-TEST] Network Mapping (was Re: [PEN-TEST] How to "break into" the Pen-Testing field)

> Actually Visio 2k is very cool in drawing very detailed network maps, and
> if you have the 99.3 Network Equipment CD, a majority of the vendors have
> provided very detailed icons for almost any network diagram.
>
> One can spend hours putting these type of diagrams together. The cool
> thing is when you print on a plotter, they come out very nice.
>
> The one caveat, if you print on an E size plotter, minor line weirdness can
> cause some problems
>
> /m
>
> At 09:11 AM 9/12/00 -0400, batz wrote:
> >On Mon, 11 Sep 2000, Carric Dooley wrote:
> >
> >:- I think the best tools for network mapping may be the free stuff (used
> >:Visio 2K Enterprise... extremely painful. The SolarWinds stuff is nice
> >:though. That with nmap, nlog can go a long way. SolarWinds or SuperScanner
> >:are extremely fast and can give you a host list to work with. I would maybe
> >:go back with those host lists and feed them to ISS Scanner, and nmap. Maybe
> >:cybercop or nessus too. Depends on what you are trying to accomplish.
> >
> >
> >Mapping the network, and making a network map require separate tools.
> >
> >Mapping is best done with nessus, firewalk, ping, traceroute, and
> >the route servers for network and transport layer. tcpdump, arp and
> >anti-sniff for ethernet/link layer. Nmap is fine for session. Application,
> >well, that's brute forcers, skriptz, whisker, and good old fashioned
> >kung-f00 with some genuine clue thrown in for good measure.
> >
> >Some of the commercial tools do mapping AFAIK, and are useful for comparing
> >your results to, but pointing tkined, visio 2k, or cheops at a network
> >probably won't give you a thorough picture. If you wouldn't bill your
> >clients for cookie cutter cybercop/iss/retina/nmap/nessus reports, why
> >would you bill them for the same from a network mapping package?
> >
> >Making a network map; White board, and visio has cute widgets.
> >
> >Each layer of the protocol stack is a map unto itself. Tool based
> >methodologies have the inherent problem of a top down approach.
> >They enumerate services and their associated vulnerabilities and
> >then induce that by there being a service and vuln, there must be a
> >host, which implies a network, and vaguely suggests an underlying
> >architecture.
> >
> >Seems logical right? It is, but it's still wrong. It's consistent
> >with an inductive method, it's true within the scope of what is required
> >for a network to exist, but it's totally incomplete.
>