Penetration Testing mailing list archives
Re: [PEN-TEST] Network Access Device Scanning
From: "Teicher, Mark" <mark.teicher () NETWORKICE COM>
Date: Sun, 10 Sep 2000 11:21:03 -0700
Carv,

Good answer, but if one looks at the typical commercial scanners available, they have about 4 checks for Network Access Devices, and that is about it. On some of the Network Access Devices, Telnet is not an option (as in the case of a CSU/DSU set with no password) or an APC UPS which has http, ftp, and tftp default on but not telnet. SNMP is good to a point if the community strings and access control lists have not been set (usually public, private and no access control list).

What the ideal would be is to create a scanner that could properly identify a Network Access Device, once it had identified it, go through a list of vulnerabilities, exploits, and Industry Best Practices check (ACL LINT or something like that), and produce a report similar to a commercially available scanner. This would be a useful tool when engaged to conduct a security assessment on a large Service Provider with big pipes (i.e. Foundry, High End Cisco, Lucent Switches).

The info should be split into two parts:

Unresponsive Hosts
Responsive Hosts with info

At 11:49 AM 9/10/00 +0000, H Carvey wrote:
> Mark,
>
> I would think that you have a couple of options available to you:
>
> 1. Using Perl, create a script using Net::Telnet that accesses the devices. I believe that there is even a Cisco-specific Perl module that may work for you. Assuming that this information is part of an internal vulnerability assessment, there should be no problem getting the necessary passwords from the network admins...and that information (ie, password strength, if the password varies between systems, etc) can also assist your assessment.
>
> 2. Using Perl, create a script using Net::SNMP...and collect the necessary information from MIB-II. If you need info from vendor-specific MIBs, that info can go into a db table of some sort.
>
> Carv
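
The identification and two-part report steps discussed in this message, as an added example that is not part of either post: it classifies MIB-II system-group answers that an authorized internal poll has already collected, using the enterprise number in sysObjectID. It is written in Python rather than the Perl mentioned above, and the hosts, banners, community strings and the three-entry vendor table are constructed assumptions.

```python
# Added example: classify already-collected MIB-II system-group answers offline.
# Hosts, values and the short vendor table are constructed for illustration.
ENTERPRISE = "1.3.6.1.4.1."                                  # iso.org.dod.internet.private.enterprises
VENDORS = {"9": "Cisco", "318": "APC", "1991": "Foundry"}    # IANA enterprise numbers
DEFAULT_COMMUNITIES = {"public", "private"}

# None = no SNMP answer. Otherwise: the community string that was accepted,
# sysDescr (1.3.6.1.2.1.1.1.0) and sysObjectID (1.3.6.1.2.1.1.2.0).
POLL_RESULTS = {
    "192.0.2.1": {"community": "public", "sysDescr": "Constructed router banner",
                  "sysObjectID": "1.3.6.1.4.1.9.1.122"},
    "192.0.2.20": {"community": "s3parate-ro", "sysDescr": "Constructed UPS banner",
                   "sysObjectID": ".1.3.6.1.4.1.318.1.3.2.7"},
    "192.0.2.30": None,
    "192.0.2.40": {"community": "private", "sysDescr": "Constructed switch banner",
                   "sysObjectID": "1.3.6.1.4.1.99999.1"},
}

def identify(sys_object_id):
    """Map a sysObjectID to a vendor via its enterprise number."""
    oid = sys_object_id.lstrip(".")          # some tools print a leading dot
    if not oid.startswith(ENTERPRISE):
        return "unknown"
    number = oid[len(ENTERPRISE):].split(".")[0]
    return VENDORS.get(number, "unknown (enterprise %s)" % number)

def build_report(results):
    """Split polled hosts into unresponsive hosts and responsive hosts with info."""
    report = {"unresponsive": [], "responsive": []}
    for host in sorted(results):             # plain string sort, enough for a report
        answer = results[host]
        if answer is None:
            report["unresponsive"].append(host)
            continue
        findings = []
        if answer["community"] in DEFAULT_COMMUNITIES:
            findings.append("default community string accepted: " + answer["community"])
        vendor = identify(answer["sysObjectID"])
        if vendor.startswith("unknown"):
            findings.append("device not identified; vendor checks skipped")
        report["responsive"].append({"host": host, "vendor": vendor,
                                     "sysDescr": answer["sysDescr"], "findings": findings})
    return report

if __name__ == "__main__":
    report = build_report(POLL_RESULTS)
    print("Unresponsive hosts:", ", ".join(report["unresponsive"]) or "none")
    for entry in report["responsive"]:
        print(entry["host"], entry["vendor"], entry["findings"] or "no findings")
```

Vendor-specific checks would hang off the value returned by `identify`, which is where the per-device best-practice list the message asks for would be looked up.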