Penetration Testing mailing list archives

Re: internal network mapping & traversal


From: "Paul Melson" <pmelson () gmail com>
Date: Tue, 23 Sep 2008 21:51:25 -0400

Even completely firewalled devices typically will respond to arp probes.

Be careful with this assumption.  It's generally true of host
firewalls, but if the firewall is part of the infrastructure (Cisco
FWSM, for example) or is a separate device, then ARP responses will
only be for the local firewall interface and any NAT addresses
configured on the firewall.  And the proxy-ARP responses from the
firewall won't be representative of which hosts are up or down, or in
the case of global/hide NAT, how many hosts are actually behind them.
I would be especially aware of these caveats if you determine that
switchport 802.1X or some other NAC-type-thing is in play.

PaulM
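
One way to check ARP sweep results against the caveat in this message, as an added example that is not part of the original post: group replies by responding MAC and flag any MAC that answers for several IPs, since those replies may be a firewall interface, its NAT addresses or proxy-ARP rather than separate live hosts. The sample lines, the `IP<TAB>MAC<TAB>vendor` layout and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample sweep output: IP, MAC, vendor (tab separated).
SAMPLE_SWEEP = (
    "10.0.5.1\t00:1b:d4:aa:00:01\tCisco\n"
    "10.0.5.20\t00:1B:D4:AA:00:01\tCisco\n"
    "10.0.5.21\t00-1b-d4-aa-00-01\tCisco\n"
    "10.0.5.3\t00:1b:d4:aa:00:01\tCisco\n"
    "10.0.5.50\t00:50:56:bb:10:02\tVMware\n"
    "10.0.5.51\t00:50:56:bb:10:03\tVMware\n"
    "Ending sweep: 256 hosts scanned\n"
)

LINE_RE = re.compile(
    r"^(\d{1,3}(?:\.\d{1,3}){3})\s+((?:[0-9a-fA-F]{2}[:-]){5}[0-9a-fA-F]{2})\b"
)

def _ip_key(ip):
    # Sort numerically so 10.0.5.3 comes before 10.0.5.20.
    return tuple(int(octet) for octet in ip.split("."))

def group_by_responder(sweep_text):
    """Map each normalized MAC to the sorted list of IPs it answered for."""
    by_mac = defaultdict(set)
    for line in sweep_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # banner, summary or malformed line
        mac = m.group(2).lower().replace("-", ":")
        by_mac[mac].add(m.group(1))
    return {mac: sorted(ips, key=_ip_key) for mac, ips in by_mac.items()}

def summarize(sweep_text, threshold=2):
    """Separate 'IPs that answered' from 'distinct devices that answered'."""
    by_mac = group_by_responder(sweep_text)
    # A MAC answering for >= threshold IPs is only a candidate: a host with
    # several IP aliases looks the same on the wire as a proxy-ARP device.
    shared = {mac: ips for mac, ips in by_mac.items() if len(ips) >= threshold}
    return {
        "ips_answered": sum(len(ips) for ips in by_mac.values()),
        "distinct_responders": len(by_mac),
        "shared_responders": shared,
    }

if __name__ == "__main__":
    report = summarize(SAMPLE_SWEEP)
    print(report["ips_answered"], "IPs answered from",
          report["distinct_responders"], "MAC addresses")
    for mac, ips in report["shared_responders"].items():
        print("review:", mac, "answers for", ", ".join(ips))
```

A large gap between the two counts means the sweep is measuring what the firewall answers for, not how many hosts sit behind it.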
