Penetration Testing mailing list archives

Re: Topology discover

From: DMORROW5 () satx rr com
Date: Thu, 22 Sep 2005 10:11:47 -0700

Just a suggestion, but perhaps you should consider looking at any 
router/switch configurations. Sometimes manually mapping out your 
network can be just as insightful as automated methods.

regards,

Dana Morrow

----- Original Message -----
From: RSMC <smcsoc () yahoo es>
Date: Wednesday, September 21, 2005 1:57 pm
Subject: Topology discover


Hi there,

I am currently performing a pen-test in the internal network of a 
company.I am used to pen-testing systems and the set of 
applications they
support, looking for vulnerabilities in software version, logic or
misconfiguration.
I have also considered routing and protocol attacks as ARP 
spoofing and
RIP packet injection.

But I think I am missing some techniques to find out what the

topology

is. I know about traceroute, firewalk and CDP, but I would like to 
knowif there is a whitepaper or documentation that explains how to 
find out
as much as possible about the enviroment I am in. Help about 
discoveringVLANs is also welcomed.

Thanks in advance.


-------------------------------------------------------------------
-----------
Audit your website security with Acunetix Web Vulnerability 
Scanner: 

Hackers are concentrating their efforts on attacking applications 
on your 
website. Up to 75% of cyber attacks are launched on shopping 
carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down 
servers are 
futile against web application hacking. Check your website for 
vulnerabilities 
to SQL injection, Cross site scripting and other web attacks 
before hackers do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------
------------


------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

Current thread:

Topology discover RSMC (Sep 21)
- <Possible follow-ups>
- Re: Topology discover DMORROW5 (Sep 22)
- Re: Topology discover Laurent Constantin (Sep 23)
- RE: Topology discover Samuel R. Baskinger (Sep 29)
- RE: Topology discover Steve McLaughlin (Sep 29)