Penetration Testing mailing list archives
Re: Mapping a network
From: "Chris Brenton" <cbrenton () chrisbrenton org>
Date: Tue, 15 Sep 2009 13:11:42 -0400 (EDT)
Greets,
a) From the Internet, I think it's tough to map an internal network at all.
As it should be. ;-) Couple of possibles:
Loading a firewall can usually get it to skip the NAT process occasionally. If you can see traffic leaving the perimeter, this will reveal internal private address info.
Watch TTLs and you can usually produce a pretty accurate map.
Loose source routing does not work with Cisco or Checkpoint, but it does with many other vendors. Initial entry needs to be via a permitted port (like TCP/53 on a DMZ NS and then head to internal address space). Set the IP timestamp option if you need the replies to follow the same path back.
--- Nmap's ARP scan/Ping scan/known port scan
Don't forget Zenmap. Does a great job of organizing info. I'm a Cheops convert myself. Also, stick with ARP scans as much as possible. This permits you to even tag systems running a personal firewall. Obviously you need to be on the same layer 2 for this to work.
What else?
Broadcast data is extremely helpful. Lets you collect CDP info as well as ID local servers.
HTH,
Chris
--
www.chrisbrenton.org
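From the defender's side, the loose source routing and IP timestamp options mentioned in this message sit in the IPv4 header, so a sensor or perimeter filter can flag packets that carry them. The following is an added example, not part of the original post: it parses header options per RFC 791, the packets are constructed samples using documentation addresses, and `ipv4_options`, `flag_packet` and `build_header` are hypothetical names.

```python
import struct

# IPv4 option type bytes (RFC 791) that influence or record the path.
FLAGGED = {131: "loose-source-route", 137: "strict-source-route", 68: "timestamp"}

def ipv4_options(packet: bytes):
    """Return [(type, data)] for every option in an IPv4 header."""
    if len(packet) < 20:
        raise ValueError("truncated header")
    version, ihl = packet[0] >> 4, packet[0] & 0x0F
    hdr_len = ihl * 4
    if version != 4 or ihl < 5 or len(packet) < hdr_len:
        raise ValueError("bad version or header length")
    opts, i = [], 20
    while i < hdr_len:
        opt_type = packet[i]
        if opt_type == 0:            # End of Option List
            break
        if opt_type == 1:            # No-Operation, single byte
            i += 1
            continue
        if i + 1 >= hdr_len:
            raise ValueError("option missing length byte")
        length = packet[i + 1]
        if length < 2 or i + length > hdr_len:
            raise ValueError("bad option length")
        opts.append((opt_type, packet[i + 2:i + length]))
        i += length
    return opts

def flag_packet(packet: bytes):
    """Names of flagged options present; malformed headers are reported too."""
    try:
        return sorted({FLAGGED[t] for t, _ in ipv4_options(packet) if t in FLAGGED})
    except ValueError as exc:
        return [f"malformed: {exc}"]

def build_header(options: bytes = b"") -> bytes:
    """Constructed sample header (checksum 0, documentation addresses)."""
    options += b"\x00" * (-len(options) % 4)   # pad to a 32-bit boundary
    ihl = 5 + len(options) // 4
    return struct.pack("!BBHHHBBH4s4s", (4 << 4) | ihl, 0, 20 + len(options),
                       0, 0, 64, 6, 0, bytes([192, 0, 2, 10]),
                       bytes([198, 51, 100, 7])) + options

# Constructed options: LSRR with one hop, and a timestamp option with one slot.
LSRR = bytes([131, 7, 4, 203, 0, 113, 1])
TSTAMP = bytes([68, 8, 5, 0, 0, 0, 0, 0])
```

A header whose option length runs past the IHL boundary is reported as malformed rather than skipped, since a parser that silently ignores it would miss options a forwarding device might still act on.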