Penetration Testing mailing list archives
Re: Scanning Class A network
From: Adam Jones <ajones1 () gmail com>
Date: Wed, 26 Oct 2005 08:26:55 -0700
A lot of people have mentioned the bandwidth involved in doing this, and I wonder if it would be possible to fake an external scan using IP address spoofing and some passive monitoring equipment. The idea would be to take an IP address outside of the network's address range and either assign that to a machine or spoof packets to that address and, if you did use spoofing, pick up return packets passively as they try to find their way out. Probably should do this with an IP address that you control, otherwise you might get someone just a bit upset.

Really though, if their firewalls are configured to silently drop packets that do not actually "hit" something (as most of the configurations I see today do), then you will be at this forever.

My suggestion is to try and get this divided up. Get an idea of what they are looking for with this audit. If they want insecure machines/rogue servers on systems they know are live, then use the ARP tables on your routers (as someone suggested earlier) to put together a scan list. If they want to catch unauthorized network connections, try to do some work correlating DHCP assignments with known hosts and see what is left over after you are done.

My point is that "scan this entire class A 1-65535" is probably A) more data than can be easily interpreted to make useful, B) more work than that data will probably be worth, and C) nowhere near as effective as focusing on specific individual tasks.

In the end, though, the guys that write the checks make the decisions. If trying to get them to take a more reasonable course of action here does not work, then a lot of other people have great suggestions on how to get it done.

-Adam
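The two narrower tasks suggested in the message above (a scan list built from router ARP tables, and DHCP assignments correlated against known hosts), as an added example that is not part of the original post. It assumes Cisco-style "show ip arp" text, ISC dhcpd.leases-style blocks and a MAC-keyed inventory; all sample data is constructed, and the extra check for unknown hosts that hold no lease goes slightly beyond the message.

```python
import ipaddress
import re

# Constructed sample inputs, not from the post (formats are assumptions).
ARP_TABLE = """\
Protocol  Address     Age (min)  Hardware Addr   Type  Interface
Internet  10.1.1.10          5   0011.2233.4455  ARPA  Vlan10
Internet  10.1.1.22         12   00aa.bbcc.ddee  ARPA  Vlan10
Internet  10.1.2.7           -   0011.2233.9999  ARPA  Vlan20
Internet  10.1.2.99          3   0050.56ab.cdef  ARPA  Vlan20
Internet  10.1.2.40          0   Incomplete      ARPA
"""
DHCP_LEASES = """\
lease 10.1.1.22 {
  hardware ethernet 00:aa:bb:cc:dd:ee;
}
lease 10.1.3.5 {
  hardware ethernet 00:de:ad:be:ef:01;
}
"""
KNOWN_MACS = {"00-11-22-33-44-55", "0011.2233.9999"}  # hypothetical inventory

def norm_mac(mac):
    """Normalise dotted, dashed or colon MAC notation to aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[^0-9a-f]", "", mac.lower())
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def parse_arp(text):
    """Return {mac: ip} for resolved entries; 'Incomplete' rows never match."""
    rows = re.findall(
        r"^Internet[ \t]+(\S+)[ \t]+\S+[ \t]+([0-9a-fA-F.]{14})[ \t]", text, re.M)
    return {norm_mac(mac): ip for ip, mac in rows}

def parse_leases(text):
    """Return {mac: ip}; [^}] keeps each match inside a single lease block."""
    rows = re.findall(
        r"lease\s+(\S+)\s*\{[^}]*?hardware ethernet\s+([0-9a-fA-F:]+);", text)
    return {norm_mac(mac): ip for ip, mac in rows}

def triage(arp, leases, known_macs):
    """Build the live-host scan list and the two 'left over' sets."""
    known = {norm_mac(m) for m in known_macs}
    key = ipaddress.ip_address  # numeric sort, so 10.1.2.7 precedes 10.1.2.99
    scan_list = sorted(arp.values(), key=key)
    unknown_dhcp = sorted((ip for mac, ip in leases.items() if mac not in known), key=key)
    unknown_static = sorted((ip for mac, ip in arp.items()
                             if mac not in known and mac not in leases), key=key)
    return scan_list, unknown_dhcp, unknown_static
```
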