Penetration Testing mailing list archives
Re: [Newbie] Info about ISP Gateways
From: "David Swafford" <dswafford () alterhighschool org>
Date: Thu, 15 Mar 2007 08:17:21 -0500
Hi GJK again, I think I may have misunderstood your original question. I'm thinking that you are asking how you would test devices that are basically behind a NAT wall? If that's your question then you would probably only be able to test the security of the public devices on that customers' network from the outside. Though do not overlook this because all you need is one public server from their network that you could take control of and then use that as a relay into the inside network. I'm not too sure on all the specifics but I'm thinking that if you were somehow able to get netcat running on a system that's public you could probably tunnel through that. If social engineering is part of your test maybe you could create an automated NetCat script that will launch from an end users machine and create a connection to your system and return a shell, that's my closest thoughts on how to approach this. David.
"Gerrit @ DeadSet Internet Technologies" <info () deadset-tech com>
3/15/2007 8:56 am >>> Hi David Thanks for the reply.... Well, it seems like a bunch of VLAN's but all these VLAN's are behind a single public IP, how do I reach the private ip's behind this? As for all the documentation, well, yes I will not attempt to do any testing before they are in place ;) Thanks GJK At 02:38 PM 15/03/2007, you wrote:
Hi GJK, welcome to the pen-testing list. Regarding the private networks, this is just means that they are just
a
bunch of VLANs with subnets. The ISP gateway (not on the customer premise but at the central office or nearest neighborhood DSL pod) itself would just forward traffic normally, usually an ISP's upstream gateway does little or no filtering in regards to security so your methods of testing from your DSL connection into another DSL
connection
should be unaffected by how the ISP has chosen to structure the
network.
Since you mentioned being a newbie, I feel that it is a good that I mention this: make sure that you have a written contract detailing
your
tasks and the scope of the project. Even testing a simple DSL connection for a small business can become a problem if the contract
is
not done properly or not at all, remember to not overlook this vital step in the process. David. CCNA, CEH, Security+, Network+"Gerrit @ DeadSet Internet Technologies" <info () deadset-tech com>3/14/2007 6:52 am >>> Hi I am new to this Pen-Testing idea, just finished the CEH course but that only showed how much I actually need to learn. Problem number one: I am on a Wireless/ADSL line, the ISP divided all the Wireless customer into separate "private" networks that then go through a gateway. To to vulnerability tests on customers on my same network from my office is a breeze, but to do it on the other networks will be a problem. Does that mean I need to "break" through the ISP's gateway first in order to reach the other "private" networks? Problem number two: Should I need to "break" through the gateway of the ISP to reach these customers then I guess the ISP might not be very happy about it, right? So what way is there around that? Thanks GJK ------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
------------------------------------------------------------------------ This List Sponsored by: Cenzic Need to secure your web apps? Cenzic Hailstorm finds vulnerabilities fast. Click the link to buy it, try it or download Hailstorm for FREE. http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW ------------------------------------------------------------------------
Current thread:
- [Newbie] Info about ISP Gateways Gerrit @ DeadSet Internet Technologies (Mar 14)
- Re: [Newbie] Info about ISP Gateways David Swafford (Mar 18)
- Message not available
- Re: [Newbie] Info about ISP Gateways David Swafford (Mar 18)
- Message not available
- Re: [Newbie] Info about ISP Gateways David Swafford (Mar 18)