Firewall Wizards mailing list archives

RE: scanning...


From: "Paul Melson" <pmelson () gmail com>
Date: Wed, 2 Nov 2005 15:06:32 -0500

-----Original Message-----
Subject: [fw-wiz] scanning...

Follow what I mean? Ideas? Pretend the network is yours and you're free to
change anything you want - where would you start?

By posting an updated resume to monster.com?  :-)

When you're talking about a network with lots of ACLs and multiple
interfaces/aliases per host, automated tools are of diminished value.  Port
scanners like NMap* will suck for this kind of work because they won't
accurately identify individual CPU instances with multiple network
interfaces.  Your best bet is an SNMP scanner like SolarWinds' IP Network
Browser.  Pray that SNMP is on and not blocked.

Actually, I retract that.  In this situation the best thing to do is go to
the documentation.  After all of the money they paid to that contractor
there had better be at least a design and some "as installed" docs from the
hand-off.  If there is none, then go to the router and firewall configs.
Hopefully those bear enough resemblance to reality that you can figure out
what traffic goes where and begin to work your way back from there.

PaulM

*= Not bagging on NMap. Any port scanner will do a lousy job of identifying
which interfaces go to which hosts if there are multiple addresses
associated with each.  Especially if that view is distorted by connections
to multiple subnets and ACLs on routers.

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
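An added illustration of the point the post makes (not code from the original message or its author): a port scanner sees one "host" per responding address, while a walk of each device's SNMP ipAddrTable (MIB-II 1.3.6.1.2.1.4.20, ipAdEntAddr -> ipAdEntIfIndex) lists every address the device owns, so the two views can be reconciled into real hosts. The SNMP_WALKS and SCAN_RESULTS data and the reconcile function are constructed for this example.

```python
from collections import defaultdict

# Constructed sample: for each management address we could reach, the
# ipAddrTable rows an SNMP walk would return (address -> ifIndex).
# 192.168.5.1 is deliberately claimed by two devices to exercise the
# conflict check (stale table, misconfiguration, or an alias oddity).
SNMP_WALKS = {
    "10.0.0.1": {"10.0.0.1": 1, "10.0.1.1": 2, "192.168.5.1": 3},
    "10.0.0.20": {"10.0.0.20": 1, "10.0.0.21": 1, "172.16.9.4": 2},
    "10.0.1.7": {"10.0.1.7": 1, "192.168.5.1": 2},
}

# Constructed sample: addresses a port scanner reported as live "hosts".
SCAN_RESULTS = [
    "10.0.0.1", "10.0.1.1", "192.168.5.1", "10.0.0.20",
    "10.0.0.21", "172.16.9.4", "10.0.1.7", "10.0.1.99",
]


def reconcile(walks, scanned):
    """Collapse scanner addresses into devices using SNMP ipAddrTable data.

    Returns a dict with:
      hosts     - management address -> sorted list of addresses it owns
      unclaimed - scanned addresses no SNMP-reachable device claims
                  (devices with SNMP off/blocked, or unknown gear)
      conflicts - addresses claimed by more than one device
    """
    owner = {}                    # address -> first device that claimed it
    conflicts = defaultdict(set)
    for mgmt, table in walks.items():
        for addr in table:
            if addr in owner and owner[addr] != mgmt:
                conflicts[addr].update({owner[addr], mgmt})
            owner.setdefault(addr, mgmt)

    hosts = defaultdict(list)
    for addr, mgmt in owner.items():
        hosts[mgmt].append(addr)

    return {
        "hosts": {m: sorted(a) for m, a in hosts.items()},
        "unclaimed": sorted(a for a in scanned if a not in owner),
        "conflicts": {a: sorted(d) for a, d in conflicts.items()},
    }


if __name__ == "__main__":
    result = reconcile(SNMP_WALKS, SCAN_RESULTS)
    print(len(SCAN_RESULTS), "scanned addresses ->", len(result["hosts"]), "devices")
    print(result)
```

The unclaimed list is the interesting output for an inherited network: those are the addresses the scanner found but no documented, SNMP-reachable device owns, so they go to the top of the pile for a manual look at router and firewall configs.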
