Penetration Testing mailing list archives
RE: penetrating a firewalled network
From: "David Ball" <lostinvietnam () hotmail com>
Date: Tue, 06 Jun 2006 11:36:43 +0800
From my own post to SF some months back with a similar question. These
resources helped me out. The full thread is at the following URL:
http://www.securityfocus.com/archive/101/421146/30/0/threaded

1. "Host Detection - Generating arbitrary responses to identify inter-networked nodes".
   http://www.zone-h.org/files/29/responses-tisc.txt

2. "Techniques to validate host connectivity"
   http://packetstorm.linuxsecurity.com/papers/protocols/host-detection.txt

3. "Diggin em Walls - Detection of Firewalls, and Probing networks behind firewalls".
   http://neworder.box.sk/newsread.php?newsid=2914

4. "Host Discovery with Nmap"
   http://www.l0t3k.net/biblio/fingerprinting/en/NMAP-mwdiscovery.pdf
   Provides different enumeration scenarios (Firewall with Filtering, Firewall
   with Generic Ruleset, Firewall with specific rules, Stateful Firewall with
   specific rules) and describes how to customize nmap scans for best results
   with each scenario. Provides example tcpdump output for each scan.

5. "Strategies for Defeating Distributed Attacks"
   http://www.megasecurity.org/Dos/Simple_Nomad.txt
   The title is a little misleading. Do a Find for the word "enumeration" and
   read from there. Also a very interesting few paragraphs on using non-echo
   ICMP messages for host enumeration. See especially the section titled
   "ICMP Defense".

6. "Firewall Penetration Testing"
   http://www.wittys.com/files/mab/fwpentesting.html
   (Borrows heavily from the original Firewalk paper but still worth a read)

7. "Network Scanning Techniques" - Ofir Arkin
   http://www.sys-security.com/archive/papers/Network_Scanning_Techniques.pdf

8. "Low Level enumeration with TCP/IP"
   http://www.securitydocs.com/library/3012/2

TOOLS
---------

1. Mike Shiffman/David Goldsmith's Firewalk paper
   http://www.packetfactory.net/projects/firewalk/firewalk-final.pdf

2. "Tcptraceroute examples"
   http://michael.toren.net/code/tcptraceroute/examples.txt

3. "Paratrace Analysis and Defence" (SANS GIAC practical)
   http://www.giac.org/certified_professionals/practicals/gcih/0392.php

Sincerely.
David Ball.
"Mohit Agarwal" <mohitz () cse iitb ac in>
No Phone Info Available
06/06/2006 02:10 AM
Please respond to mohitz () cse iitb ac in

To: pen-test () securityfocus com
cc:
Subject: penetrating a firewalled network

Hi,

I want to do penetration tests on a firewalled network to find out the
network structure and any other info that I can get. Can you suggest some
resources to read for the same as I am a noob.

--
Mohit