Penetration Testing mailing list archives

Previous By Date Next
Previous By Thread Next

Re: OT: the detection of illegal gateways

From: ulric () siag nu
Date: Wed, 19 May 2010 09:14:49 +0200
Citerar J Hein <j.hein () ymail com>:
Are there any good products for detecting illegally installed boxes with a routing capability? One of my fellow consultants suggested IP Sonar (by Lumeta) for this purpose which (as he claims) has been successfully used by BT in the past. From the product description I've got an impression that IP Sonar cleverly uses traceroute for detecting routers that illegally exchange information between internal networks and the internet (so called "network leaks"). 

Wouldn't that just be something like:

route add host 1.1.1.1 gw suspecthost
traceroute 1.1.1.1

And see what suspecthost does. Repeat for other suspects.
For this to work, you have to be on the same network as suspecthost. I don't think it is possible to check this reliably otherwise. 

Ulric


------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. 
http://www.iacertification.org
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: