Penetration Testing mailing list archives

RE: internal network mapping & traversal


From: "Paul Melson" <pmelson () gmail com>
Date: Wed, 24 Sep 2008 13:59:40 -0400

      Paul, do the FWSMs respond to L2 CDP queries? Your response started
me thinking about how a user could map a network from the inside using
CDP. I know about the PIX and ASA, but have never worked with the FWSM.
Thank you.


Hi Richard,

Cisco FWSM does not pass CDP in either L2 transparent or L3 routed modes.
However, I think that using CDP is another good way to find out about a
network you're attached to, for example by getting a list of "neighbor"
devices.  The only problem is that CDP is L2, and so, like ARP, doesn't go
beyond the local subnet/VLAN.

CDP is also a great place to start attacking during an internal pen-test.
Yersinia, ettercap, and the Phenoelit cdp utility are all very handy.
Conveniently, these are all part of the current BackTrack tool set.

PaulM
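
An added example, not part of the original post: a minimal parser for CDP TLVs, run over a constructed frame, listing what a CDP-enabled device advertises to any host on the same L2 segment. This is the information to review when auditing which ports have CDP enabled. The device name, port, platform and version strings are constructed, and the checksum is left as zero and not verified.

```python
import struct

# CDP TLV type codes for the fields that describe a neighbor device.
TLV_NAMES = {0x0001: "device_id", 0x0003: "port_id", 0x0005: "software_version",
             0x0006: "platform", 0x000A: "native_vlan"}
CDP_MULTICAST = bytes.fromhex("01000ccccccc")
LLC_SNAP_CDP = bytes.fromhex("aaaa0300000c2000")  # LLC/SNAP, Cisco OUI, PID 0x2000


def tlv(type_code, value):
    """Build one TLV; the length field covers the 4-byte header too."""
    return struct.pack("!HH", type_code, len(value) + 4) + value


def parse_cdp(frame):
    """Return the advertised fields of a CDP frame, or None if not CDP."""
    if frame[:6] != CDP_MULTICAST or frame[14:22] != LLC_SNAP_CDP:
        return None
    payload = frame[22:]
    if len(payload) < 4:
        return None
    fields = {"cdp_version": payload[0], "ttl": payload[1]}
    offset = 4  # skip version, TTL and the 2-byte checksum
    while offset + 4 <= len(payload):
        type_code, length = struct.unpack_from("!HH", payload, offset)
        if length < 4 or offset + length > len(payload):
            break  # malformed or truncated TLV: stop instead of over-reading
        value = payload[offset + 4:offset + length]
        name = TLV_NAMES.get(type_code)
        if name == "native_vlan" and len(value) == 2:
            fields[name] = struct.unpack("!H", value)[0]
        elif name:
            fields[name] = value.decode("ascii", "replace")
        offset += length
    return fields


# Constructed sample frame (hypothetical device, placeholder strings).
_tlvs = (tlv(0x0001, b"sw-access-01") + tlv(0x0003, b"FastEthernet0/12")
         + tlv(0x0005, b"example-os 1.0") + tlv(0x0006, b"example-platform")
         + tlv(0x000A, struct.pack("!H", 20)))
_cdp = bytes([2, 180, 0, 0]) + _tlvs  # version 2, TTL 180 s, zero checksum
SAMPLE_FRAME = (CDP_MULTICAST + bytes.fromhex("001122334455")
                + struct.pack("!H", len(LLC_SNAP_CDP) + len(_cdp))
                + LLC_SNAP_CDP + _cdp)

print(parse_cdp(SAMPLE_FRAME))
```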


