Re: scanning...

["Paul D. Robertson" <paul () compuwar net>]

On Wed, 2 Nov 2005, Brian Loe wrote:

> Let me ask all of you a fairly generic question that should garner
> lots of different ideas. Let us say that you have gone to work for a
> new company as a network admin. It is a fairly complex network with
> multiple routers, switches and firewalls (a firewall for every router,
> let's say). The current network team has no formal training and have
> done all of their learning on the job, following a contracting company
> who was paid to initially setup the network.
>
> Okay, so how would you go about mapping out this network? You don't

1.  Have the current staff draw diagrams as they understand the network.
2.  Chase as many wires as you can, documenting what's connected where.
3.  Put switches into mirroring mode and sniff for addresses (IP and MAC) 
and scan the ranges you sniffed (IP and MAC.)
4.  While you're on each switch, actively scan using whatever you're 
comfortalbe with.
5.  Cheops-ng isn't too bad a place to start.
6.  If you have Windows boxes, use WMI to enumerate systems/interfaces.
7.  If someone has SNMP enabled on stuff use that to enumerate stuff.
8.  Scan broadcast addresses for things which will answer to global 
ethernet or IP broadcast addresses, then natural subnet broadcast 
addresses.
9.  Get MAC addresses off the switches, if the switches don't do that, 
then swap them out.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul () compuwar net       which may have no basis whatsoever in fact."
fora.compuwar.net      Infosec discussion boards

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards