Penetration Testing mailing list archives
Re: internal network mapping & traversal
From: "Paul Melson" <pmelson () gmail com>
Date: Tue, 23 Sep 2008 21:51:25 -0400
Even completely firewalled devices typically will respond to arp probes.
Be careful with this assumption. It's generally true of host firewalls, but if the firewall is part of the infrastructure (Cisco FWSM, for example) or is a separate device, then ARP responses will only be for the local firewall interface and any NAT addresses configured on the firewall. And the proxy-ARP responses from the firewall won't be representative of which hosts are up or down, or in the case of global/hide NAT, how many hosts are actually behind them. I would be especially aware of these caveats if you determine that switchport 802.1X or some other NAC-type-thing is in play. PaulM ------------------------------------------------------------------------ This list is sponsored by: Cenzic Top 5 Common Mistakes in Securing Web Applications Get 45 Min Video and PPT Slides www.cenzic.com/landing/securityfocus/hackinar ------------------------------------------------------------------------
Current thread:
- internal network mapping & traversal lister (Sep 22)
- Re: internal network mapping & traversal Trygve Aasheim (Sep 23)
- Re: internal network mapping & traversal Paul Melson (Sep 23)
- <Possible follow-ups>
- Re: internal network mapping & traversal Robert E. Lee (Sep 23)
- Re: internal network mapping & traversal Paul Melson (Sep 23)
- Message not available
- RE: internal network mapping & traversal Paul Melson (Sep 24)
- Re: internal network mapping & traversal Paul Melson (Sep 23)