Penetration Testing mailing list archives
Re: Difficulties in Network Mapping & port scanning
From: david lodge <resident.deity () gmail com>
Date: Tue, 10 Jan 2006 23:23:51 +0000
> Many thanks to everyone who replied to my original posting. The number of in-depth technical papers on network scanning and enumeration is thin on the ground from what I can gather. After some research I managed to turn up a few decent papers which go beyond the usual "this is an nmap SYN scan" and
This is the usual problem with a lot of papers; they cover the basics and then leave you to work out what you need yourself.

Another technique I've used in the past is that a lot of applications don't always govern security at layer 7. Use the existing holes in the firewall to map out the network beyond. I've seen a number of applications that release information:

1. IIS likes to give out the real IP address in the HTTP headers (though this is patchable)
2. Citrix is also particular about real IP addresses and may release the hidden address with a bit of coaxing
3. I found one webcam manufacturer who leaves a selection of 'private information' in the jpeg comment field; this includes real IP address and NTP server address.
4. Debug info for program information (e.g. php, asp)
5. Mail headers - a lot of mail relays forget to rewrite the envelopes
6. Rogue DNS entries (especially the DNS admin's workstation :-)
7. Google (I always do google searches on a company I pen-test. It's amazing how much admins post to forums and mailing lists to get help!)

Thinking outside the usual technical mechanisms can sometimes be very successful.

dave
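Two of the leak sources dave lists, internal addresses in HTTP response headers and in JPEG comment fields, are easy to check for on your own hosts before an assessor finds them. The script below is an added example, not code from the post: the sample JPEG and header set are constructed, and the function names are my own.

```python
import re
import ipaddress
from typing import Dict, Iterator, List

# Dotted-quad candidates; each is validated and range-checked below.
_IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Only the RFC 1918 ranges count: a NATed "real" address leaking past a firewall.
_RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def private_addresses(text: str) -> List[str]:
    """Return RFC 1918 addresses found in free text, in order, without repeats."""
    found: List[str] = []
    for cand in _IPV4_RE.findall(text):
        try:
            ip = ipaddress.ip_address(cand)
        except ValueError:          # e.g. 999.1.1.1 passes the regex but is not an IP
            continue
        if any(ip in net for net in _RFC1918) and cand not in found:
            found.append(cand)
    return found

def jpeg_comments(data: bytes) -> Iterator[str]:
    """Yield the text of every COM (FF FE) segment that precedes the scan data.

    Each segment after SOI is FF xx followed by a 2-byte big-endian length
    that includes the length field itself; SOS (FF DA) ends the metadata.
    """
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    pos = 2
    while pos + 4 <= len(data) and data[pos] == 0xFF:
        marker = data[pos + 1]
        if marker == 0xDA:
            break
        length = int.from_bytes(data[pos + 2:pos + 4], "big")
        if marker == 0xFE:
            yield data[pos + 4:pos + 2 + length].decode("latin-1", "replace")
        pos += 2 + length

def leaks_in_headers(headers: Dict[str, str]) -> Dict[str, List[str]]:
    """Map header name -> RFC 1918 addresses it exposes (headers with none are omitted)."""
    return {name: ips for name, ips in ((n, private_addresses(v)) for n, v in headers.items()) if ips}

def leaks_in_jpeg(data: bytes) -> List[str]:
    return [ip for comment in jpeg_comments(data) for ip in private_addresses(comment)]

def _build_sample_jpeg(comment: bytes) -> bytes:
    """Constructed minimal JPEG: SOI, an APP0 (JFIF) segment, a COM segment, then SOS."""
    seg = lambda marker, body: b"\xff" + marker + (len(body) + 2).to_bytes(2, "big") + body
    app0 = b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    return b"\xff\xd8" + seg(b"\xe0", app0) + seg(b"\xfe", comment) + b"\xff\xda"

# Constructed samples: a camera comment field and an IIS-style header set.
SAMPLE_JPEG = _build_sample_jpeg(b"NetCam model X; mgmt 10.0.0.5; ntp 192.168.1.1")
SAMPLE_HEADERS = {"Server": "Microsoft-IIS/5.0",
                  "Content-Location": "http://10.1.2.3/default.htm",
                  "Via": "1.1 203.0.113.7"}
```

Run `leaks_in_jpeg` over images served from your own camera or web hosts, and `leaks_in_headers` over the headers of each public virtual host, to confirm nothing internal escapes.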
Current thread:
- Difficulties in Network Mapping & port scanning David Ball (Jan 03)
- Re: Difficulties in Network Mapping & port scanning Pete Herzog (Jan 04)
- Re: Difficulties in Network Mapping & port scanning Petr . Kazil (Jan 15)
- Re: Difficulties in Network Mapping & port scanning Don Parker (Jan 05)
- Re: Difficulties in Network Mapping & port scanning David Ball (Jan 07)
- Re: Difficulties in Network Mapping & port scanning david lodge (Jan 11)
- Re: Difficulties in Network Mapping & port scanning David Ball (Jan 07)
- Re: Difficulties in Network Mapping & port scanning Pete Herzog (Jan 04)