nanog mailing list archives

Re: Penetration Test Assistance

From: Harry Hoffman <hhoffman () ip-solutions net>
Date: Tue, 05 Jun 2012 14:37:37 -0400

There are lots of reasons why a pentester would want a network diagram.

The foremost being a point to which they can say, these are the networksthat I was given as a point of reference to pentest.

This is often a CYA policy for when people start complaining about thescanning that is going to occur and potentially break their systems.


Cheers,
Harry

On 06/05/2012 02:34 PM, Darden, Patrick S. wrote:


I'm with Barry--a network diagram showing everything from the pov of the pen team should be part of the end report.

--p

-----Original Message-----
From: Barry Greene [mailto:bgreene () senki org]

Hi Tim,

A _good_ pen test team would not need a network diagram. Their first round of penetration test would have them build 
their own network diagram from their analysis of your network.

Barry

Current thread:

Re: Penetration Test Assistance, (continued)
- Re: Penetration Test Assistance jim deleskie (Jun 05)
- Re: Penetration Test Assistance Joel jaeggli (Jun 05)
- Re: Penetration Test Assistance Quinn Kuzmich (Jun 05)
- RE: Penetration Test Assistance Baklarz, Ron (Jun 05)
  - Re: Penetration Test Assistance dennis (Jun 05)
- Re: Penetration Test Assistance William Herrin (Jun 05)
- Re: Penetration Test Assistance Aled Morris (Jun 05)
  - RE: Penetration Test Assistance Darden, Patrick S. (Jun 05)
- Re: Penetration Test Assistance Barry Greene (Jun 05)
  - RE: Penetration Test Assistance Darden, Patrick S. (Jun 05)
    - Re: Penetration Test Assistance Harry Hoffman (Jun 05)
    - Re: Penetration Test Assistance Brett Watson (Jun 05)
- Re: Penetration Test Assistance Leo Bicknell (Jun 05)