Penetration Testing mailing list archives
[PEN-TEST] Network Mapping
From: "Curphey, Mark (ISS Atlanta)" <MCurphey () ISS NET>
Date: Wed, 13 Sep 2000 10:51:35 -0400
Mr Batz sir,

Hope you're well?

Agreed totally. I guess the question is what sort of map are you trying to accomplish. There are physical maps and logical maps. With NT Hosts for instance you may want to map all the hosts that have accounts in a particular domain (I wrote a Perl script to do this). You may additionally want to map the same hosts based on IP address. You may want to work out backbones and map those to geographical location. I think Batz's point of a multi-layered approach is spot on.

We recently did some work using an ODBC and importing data from multiple tools into it. In the old days I was an AutoCAD fanatic so was interested to note the last post on AutoDesk. Assuming the tool is part of AutoCAD you should be able to assign layers that can relate directly to a TCP/IP stack and filter layers accordingly. Imagine being able to shut off the trees and see the wood. Imagine being able to see where databases are physically located, logically located. Imagine shutting off layers to just show where web servers are, where routers sit, where .......

Has anyone gotten really creative and modelled ACLs on network devices? Imagine a graphical path analysis? Anyone want to start a project?

-----Original Message-----
From: batz [mailto:batsy () VAPOUR NET]
Sent: Tuesday, September 12, 2000 9:11 AM
To: PEN-TEST () SECURITYFOCUS COM
Subject: Network Mapping (was Re: [PEN-TEST] How to "break into" the Pen-Testing field)

On Mon, 11 Sep 2000, Carric Dooley wrote:

:- I think the best tools for network mapping may be the free stuff (used
:Visio 2K Enterprise... extremely painful. The SolarWinds stuff is nice
:though. That with nmap, nlog can go a long way. SolarWinds or SuperScanner
:are extremely fast and can give you a host list to work with. I would maybe
:go back with those host lists and feed them to ISS Scanner, and nmap. Maybe
:cybercop or nessus too. Depends on what you are trying to accomplish.
Mapping the network, and making a network map require separate tools.

Mapping is best done with nessus, firewalk, ping, traceroute, and the route servers for network and transport layer. tcpdump, arp and anti-sniff for ethernet/link layer. Nmap is fine for session. Application, well, that's brute forcers, skriptz, whisker, and good old fashioned kung-f00 with some genuine clue thrown in for good measure.

Some of the commercial tools do mapping AFAIK, and are useful for comparing your results to, but pointing tkined, visio 2k, or cheops at a network probably won't give you a thorough picture. If you wouldn't bill your clients for cookie cutter cybercop/iss/retina/nmap/nessus reports, why would you bill them for the same from a network mapping package?

Making a network map; White board, and visio has cute widgets.

Each layer of the protocol stack is a map unto itself. Tool based methodologies have the inherent problem of a top down approach. They enumerate services and their associated vulnerabilities and then induce that by there being a service and vuln, there must be a host, which implies a network, and vaguely suggests an underlying architecture.

Seems logical right? It is, but it's still wrong. It's consistent with an inductive method, it's true within the scope of what is required for a network to exist, but it's totally incomplete.
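The layered map both messages describe, as an added example that is not from either poster: findings from several tools are merged into one per-host record keyed by protocol layer, layers are filtered the way Curphey pictures switching CAD layers, and the last function shows batz's point that a services-first inventory omits hosts seen only at the link layer. All source labels, addresses and values are constructed.

```python
from collections import defaultdict

LAYERS = ("link", "network", "transport", "application")

# Constructed findings: (source label, layer, host IP, attribute, value).
OBSERVATIONS = [
    ("arp-sweep", "link", "10.0.0.1", "mac", "00:00:5e:00:53:01"),
    ("arp-sweep", "link", "10.0.0.10", "mac", "00:00:5e:00:53:0a"),
    ("arp-sweep", "link", "10.0.0.20", "mac", "00:00:5e:00:53:14"),
    ("arp-sweep", "link", "10.0.0.30", "mac", "00:00:5e:00:53:1e"),
    ("traceroute", "network", "10.0.0.10", "gateway", "10.0.0.1"),
    ("traceroute", "network", "10.0.0.20", "gateway", "10.0.0.1"),
    ("port-scan", "transport", "10.0.0.10", "tcp", 80),
    ("port-scan", "transport", "10.0.0.20", "tcp", 1433),
    ("banner", "application", "10.0.0.10", "role", "web server"),
    ("banner", "application", "10.0.0.20", "role", "database"),
    ("nt-enum", "application", "10.0.0.20", "domain", "CORP"),
]

def build_map(observations):
    """Merge every tool's findings into host -> layer -> attribute -> values."""
    hosts = defaultdict(lambda: {layer: defaultdict(set) for layer in LAYERS})
    for _source, layer, ip, attr, value in observations:
        hosts[ip][layer][attr].add(value)
    return hosts

def show_layer(hosts, layer, attr=None, value=None):
    """Sorted IPs with data on one layer, optionally narrowed by attribute/value."""
    shown = []
    for ip, layers in hosts.items():
        facts = layers[layer]
        if not facts or (attr is not None and attr not in facts):
            continue
        if attr is not None and value is not None and value not in facts[attr]:
            continue
        shown.append(ip)
    return sorted(shown)

def missed_by_service_view(hosts):
    """Hosts seen on the wire that a services-first inventory never lists."""
    top_down = set(show_layer(hosts, "transport")) | set(show_layer(hosts, "application"))
    return sorted(set(show_layer(hosts, "link")) - top_down)

if __name__ == "__main__":
    net = build_map(OBSERVATIONS)
    print("web servers:", show_layer(net, "application", "role", "web server"))
    print("domain CORP:", show_layer(net, "application", "domain", "CORP"))
    print("not in service view:", missed_by_service_view(net))
```

In the sample data the gateway and one silent host appear only in the link-layer view, which is the gap a map built upward from service scans leaves.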