Penetration Testing mailing list archives
RE: Vulnerability Assessment of VLAN
From: S Walker <walker_s () hotmail co uk>
Date: Fri, 14 Jan 2011 08:59:26 +0000
1. If the VLAN you're on is not the trunk (usually 1) then there should only be traffic for that VLAN going through it. If you listen with tcpdump/wireshark on said VLAN, and cause an ARP or other L2 broadcast on another VLAN then you should be able to confirm if this is the case. Otherwise, check vuln lists for the device and OS version (e.g. IOS, CatOS, FTOS) to see if there are any references to VLANs contaminating each other.

2. As Curt said, CIS is a good way to go if the firewall type is on there. If not, you'll have to have a search for that specific breed and/or adapt general sections of the CIS guidelines. If it's a firewall with which you're highly unfamiliar you're best seeing if you can involve someone who knows it, but if that isn't an option then do check the CIS and look over the configuration from a network connectivity PoV, then check the physical and VLAN topology afterwards to confirm that the firewall can't be bypassed by someone just outside it or more distant.

S
Date: Thu, 13 Jan 2011 12:12:58 -0500
Subject: Re: Vulnerability Assessment of VLAN
From: infosysec () gmail com
To: informationhacker08 () gmail com
CC: pen-test () securityfocus com

Cannot answer #1, but would be interested if there is anything analogous to dsniff on a switched network for VLANs.

As for #2, the type and brand of firewall makes a lot of difference, in particular in which vulns & configuration problems you might be looking for. A nice tool for Cisco is CIS rat (just feed in the config, and it will spit out problems it finds). A nice short generic whitepaper is one by Bennet Todd.

If you are talking about auditing and not pen-testing, look for old, no longer used ACLs. Of the hundreds of lines, many are useless, and may do more harm than good. I have seen holes intentionally stuck in the middle of lists that no one ever saw because it was a rat's nest.

Curt Purdy CISSP, GSNA, GSEC, MCSE+I, CCNA
infosysec () gmail com
purdy () tecman com

On Wed, Jan 12, 2011 at 4:16 AM, informationhacker08 <informationhacker08 () gmail com> wrote:

1) Conducting Vulnerability assessment of a server that exists in a different VLAN while your machine is located on another VLAN (No Trunk)

2) Any Good Paper on Firewall Auditing. I have deep interest in Auditing. Any well known paper that describes how to properly Audit a Firewall. What things should we check in Firewall Auditing.

Regards
Informationhacker08

--
View this message in context: http://old.nabble.com/Vulnerability-Assessment-of-VLAN-tp30631414p30631414.html
Sent from the Penetration Testing mailing list archive at Nabble.com.

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
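The audit advice quoted above (look for old, no longer used ACLs) can be partly checked from the configuration text alone. The following is an added example, not part of the thread and not the CIS tool mentioned in it: it assumes Cisco IOS-style syntax, takes "unused" to mean "defined but never applied with `ip access-group` or `access-class`", and uses a constructed configuration and a hypothetical function name, `audit_acls`.

```python
import re

# Constructed sample of a Cisco IOS-style configuration (not from the thread).
SAMPLE_CONFIG = """\
access-list 10 permit 192.0.2.0 0.0.0.255
access-list 101 permit tcp any host 198.51.100.10 eq 443
access-list 101 deny ip any any log
access-list 150 permit ip any any
ip access-list extended LEGACY-VPN
 permit ip 10.9.0.0 0.0.255.255 any
ip access-list extended WEB-IN
 permit tcp any any eq 80
interface GigabitEthernet0/1
 ip access-group 101 in
interface GigabitEthernet0/2
 ip access-group WEB-IN in
 ip access-group OLD-DMZ out
line vty 0 4
 access-class 10 in
"""

# Top-level lines that define an ACL, numbered or named.
DEFINE = re.compile(
    r"^(?:access-list\s+(\d+)\s|ip access-list\s+(?:standard|extended)\s+(\S+))"
)
# Lines that apply an ACL to an interface or a line. Assumption: only these two
# commands are tracked; ACLs used by NAT, route-maps, crypto maps or SNMP are
# not recognised, so every result is a candidate for manual review.
REFER = re.compile(r"^\s*(?:ip access-group|access-class)\s+(\S+)")


def audit_acls(config: str):
    """Return (defined_but_never_applied, applied_but_never_defined)."""
    defined, referenced = set(), set()
    for line in config.splitlines():
        d = DEFINE.match(line)
        if d:
            defined.add(d.group(1) or d.group(2))
            continue
        r = REFER.match(line)
        if r:
            referenced.add(r.group(1))
    return sorted(defined - referenced), sorted(referenced - defined)


if __name__ == "__main__":
    unused, dangling = audit_acls(SAMPLE_CONFIG)
    print("Defined but never applied:", unused)
    print("Applied but never defined:", dangling)
```

The second list matters as much as the first: a reference to an ACL that no longer exists is a sign that the rule set and the interfaces have drifted apart.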
Current thread:
- Vulnerability Assessment of VLAN informationhacker08 (Jan 13)
- Re: Vulnerability Assessment of VLAN Curt Purdy (Jan 13)
- Re: Vulnerability Assessment of VLAN Christophe Vandeplas (Jan 14)
- RE: Vulnerability Assessment of VLAN S Walker (Jan 14)
- Re: Vulnerability Assessment of VLAN Tracy Reed (Jan 14)
- Re: Vulnerability Assessment of VLAN infosecMosaic (Jan 14)
- Re: Vulnerability Assessment of VLAN Tate Hansen (Jan 14)
- Re: Vulnerability Assessment of VLAN Curt Purdy (Jan 13)