Penetration Testing mailing list archives

Re: [PEN-TEST] Network Mapping (was Re: [PEN-TEST] How to "break into" the Pen-Testing field)


From: Adrian Lazar <adi77 () HOME COM>
Date: Tue, 12 Sep 2000 14:38:04 -0700

Autodesk Actrix 2000 does a nice job on helping you draw network maps as
well as others. It has lots of cool features and lots of network equipment
one needs in order to present a nice looking network map. You can see some
samples on their site at:
http://www3.autodesk.com/adsk/section/0,,143026,00.html


        Adrian L. aka HB3^              http://node.bc.ca - Node Solutions
"Every System has a Limit" - HB3^       Specializing in Networking, Security
                                                and Web Development



-----Original Message-----
From: Penetration Testers [mailto:PEN-TEST () SECURITYFOCUS COM]On Behalf
Of Teicher, Mark
Sent: Tuesday, September 12, 2000 11:24 AM
To: PEN-TEST () SECURITYFOCUS COM
Subject: Re: [PEN-TEST] Network Mapping (was Re: [PEN-TEST] How to
"break into" the Pen-Testing field)


Actually Visio 2k is very cool in drawing very detailed network maps, and
if you have the 99.3 Network Equipment CD, a majority of the vendors have
provided very detailed icons for almost any network diagram.

One can spend hours putting these type of diagrams together.  The cool
thing is when you print on a plotter, they come out very nice.

The one caveat: if you print on an E size plotter, minor line weirdness can
cause some problems.

/m

At 09:11 AM 9/12/00 -0400, batz wrote:
On Mon, 11 Sep 2000, Carric Dooley wrote:

:- I think the best tools for network mapping may be the free stuff (used
:Visio 2K Enterprise... extremely painful.  The SolarWinds stuff is nice
:though.  That with nmap, nlog can go a long way.  SolarWinds or SuperScanner
:are extremely fast and can give you a host list to work with.  I would maybe
:go back with those host lists and feed them to ISS Scanner, and nmap.  Maybe
:cybercop or nessus too.  Depends on what you are trying to accomplish.


Mapping the network, and making a network map require separate tools.

Mapping is best done with nessus, firewalk, ping, traceroute, and
the route servers for network and transport layer.  tcpdump, arp and
anti-sniff for ethernet/link layer. Nmap is fine for session. Application,
well, that's brute forcers, skriptz, whisker, and good old fashioned
kung-f00 with some genuine clue thrown in for good measure.

Some of the commercial tools do mapping AFAIK, and are useful for comparing
your results to, but pointing tkined, visio 2k, or cheops at a network
probably won't give you a thorough picture. If you wouldn't bill your
clients for cookie cutter cybercop/iss/retina/nmap/nessus reports, why
would you bill them for the same from a network mapping package?

Making a network map; White board, and visio has cute widgets.

Each layer of the protocol stack is a map unto itself. Tool based
methodologies have the inherent problem of a top down approach.
They enumerate services and their associated vulnerabilities and
then induce that by there being a service and vuln, there must be a
host, which implies a network, and vaguely suggests an underlying
architecture.

Seems logical right? It is, but it's still wrong. It's consistent
with an inductive method, it's true within the scope of what is required
for a network to exist, but it's totally incomplete.
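The per-layer view argued for above (link layer from arp, network layer from traceroute, session/application layer from a service scan) can be checked mechanically: build one map per layer and see which addresses the lower layers know about but the service-level scan never reported. The script below is an added example and is not code from any poster on this thread; the arp, traceroute and greppable-scan text it parses is constructed sample output, and the function names are my own. It shows, on that sample, exactly the gap the top-down method leaves: a neighbour that answered ARP but exposes no service, and a router on the path that was never scanned, both vanish from a service-first inventory. From the defender's side the same reconciliation is how you find assets that the scanner-driven inventory is silently missing.

```python
import re

# Constructed sample output in the style of Linux `arp -a` (link layer view).
ARP_TEXT = """\
gateway (192.168.1.1) at 00:11:22:aa:bb:01 [ether] on eth0
? (192.168.1.10) at 00:11:22:aa:bb:10 [ether] on eth0
? (192.168.1.11) at 00:11:22:aa:bb:11 [ether] on eth0
? (192.168.1.12) at <incomplete> on eth0
"""

# Constructed sample in the style of `traceroute -n` (network layer view).
TRACEROUTE_TEXT = """\
traceroute to 10.0.0.5 (10.0.0.5), 30 hops max, 60 byte packets
 1  192.168.1.1  0.412 ms  0.388 ms  0.371 ms
 2  10.0.0.1  1.207 ms  1.190 ms  1.180 ms
 3  * * *
 4  10.0.0.5  2.551 ms  2.530 ms  2.512 ms
"""

# Constructed service-scan results in nmap's "greppable" (-oG) line style
# (session/application layer view). Tabs separate the fields as in real -oG output.
SERVICE_SCAN_TEXT = """\
Host: 192.168.1.1 ()\tPorts: 80/open/tcp//http///, 443/open/tcp//https///
Host: 192.168.1.10 ()\tPorts: 22/open/tcp//ssh///
Host: 10.0.0.5 ()\tPorts: 25/open/tcp//smtp///
"""

ARP_RE = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3})\) at ([0-9a-f]{2}(?::[0-9a-f]{2}){5})")
HOP_RE = re.compile(r"^\s*(\d+)\s+(\S+)")
GREP_RE = re.compile(r"^Host:\s+(\S+)\s+\(\S*\)\s+Ports:\s+(.*)$")


def parse_arp(text):
    """Link layer: IP -> MAC for every resolved neighbour; <incomplete> entries carry no MAC and are skipped."""
    return {ip: mac for ip, mac in ARP_RE.findall(text)}


def parse_traceroute(text):
    """Network layer: ordered (hop, ip) pairs; a hop that only answered '* * *' is recorded as None."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:          # the "traceroute to ..." header does not start with a hop number
            continue
        hop, first = m.groups()
        hops.append((int(hop), None if first == "*" else first))
    return hops


def parse_greppable(text):
    """Session/application layer: IP -> [(port, service)] for ports reported open."""
    hosts = {}
    for line in text.splitlines():
        m = GREP_RE.match(line)
        if not m:
            continue
        ip, ports = m.groups()
        open_ports = []
        for entry in ports.split(", "):
            fields = entry.split("/")     # port/state/proto/owner/service/rpc/version/
            if len(fields) >= 5 and fields[1] == "open":
                open_ports.append((int(fields[0]), fields[4]))
        hosts[ip] = open_ports
    return hosts


def build_layered_map(arp_text, traceroute_text, scan_text):
    """One map per layer, kept separate rather than collapsed into a single host list."""
    return {
        "link": parse_arp(arp_text),
        "network": parse_traceroute(traceroute_text),
        "session": parse_greppable(scan_text),
    }


def unaccounted_hosts(layers):
    """Addresses seen at the link or network layer that the service scan never reported."""
    lower = set(layers["link"]) | {ip for _, ip in layers["network"] if ip}
    return lower - set(layers["session"])


if __name__ == "__main__":
    layers = build_layered_map(ARP_TEXT, TRACEROUTE_TEXT, SERVICE_SCAN_TEXT)
    for name, view in layers.items():
        print(f"{name:8s} {view}")
    print("missing from the service-level map:", sorted(unaccounted_hosts(layers)))
```

The "session" map is the only one a service-first methodology ever builds; the other two are what it induces the network from. Running the script shows 192.168.1.11 (answers ARP, no open service) and 10.0.0.1 (a hop on the path, never scanned) as present in the lower layers and absent from the service map, which is the incompleteness the argument above describes.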

