Penetration Testing mailing list archives
Re: [PEN-TEST] Network Mapping
From: Ollie Whitehouse <ollie () DELPHISPLC COM>
Date: Wed, 13 Sep 2000 17:35:49 +0100
Mark,

This graphical path analysis exists in Cybercop scanner (of sorts) from a physical network perspective. Yet from a logical perspective it would be cool.

Rgds

Ollie
-----
Ollie Whitehouse
Security Team Leader
Delphis Consulting
tel: +44 (0)20 79160200
mail: ollie () delphisplc com

-----Original Message-----
From: Curphey, Mark (ISS Atlanta) [mailto:MCurphey () ISS NET]
Sent: Wednesday, September 13, 2000 3:52 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: Network Mapping

Mr Batz sir, Hope you're well?

Agreed totally. I guess the question is what sort of map you are trying to accomplish. There are physical maps and logical maps. With NT hosts for instance you may want to map all the hosts that have accounts in a particular domain (I wrote a Perl script to do this). You may additionally want to map the same hosts based on IP address. You may want to work out backbones and map those to geographical location. I think Batz's point of a multi-layered approach is spot on.

We recently did some work using an ODBC and importing data from multiple tools into it. In old days I was an AutoCAD fanatic so was interested to note the last post on AutoDesk. Assuming the tool is part of AutoCAD you should be able to assign layers that can relate directly to a TCP/IP stack and filter layers accordingly. Imagine being able to shut off the trees and see the wood. Imagine being able to see where databases are physically located, logically located. Imagine shutting off layers to just show where web servers are, where routers sit, where .......

Has anyone gotten really creative and modelled ACLs on network devices? Imagine a graphical path analysis? Anyone want to start a project?

-----Original Message-----
From: batz [mailto:batsy () VAPOUR NET]
Sent: Tuesday, September 12, 2000 9:11 AM
To: PEN-TEST () SECURITYFOCUS COM
Subject: Network Mapping (was Re: [PEN-TEST] How to "break into" the Pen-Testing field)

On Mon, 11 Sep 2000, Carric Dooley wrote:
:- I think the best tools for network mapping may be the free stuff (used
:Visio 2K Enterprise... extremely painful. The SolarWinds stuff is nice
:though. That with nmap, nlog can go a long way. SolarWinds or SuperScanner
:are extremely fast and can give you a host list to work with. I would maybe
:go back with those host lists and feed them to ISS Scanner, and nmap. Maybe
:cybercop or nessus too. Depends on what you are trying to accomplish.

Mapping the network, and making a network map, require separate tools.

Mapping is best done with nessus, firewalk, ping, traceroute, and the route servers for network and transport layer. tcpdump, arp and anti-sniff for ethernet/link layer. Nmap is fine for session. Application, well, that's brute forcers, skriptz, whisker, and good old fashioned kung-f00 with some genuine clue thrown in for good measure.

Some of the commercial tools do mapping AFAIK, and are useful for comparing your results to, but pointing tkined, visio 2k, or cheops at a network probably won't give you a thorough picture. If you wouldn't bill your clients for cookie cutter cybercop/iss/retina/nmap/nessus reports, why would you bill them for the same from a network mapping package?

Making a network map; White board, and visio has cute widgets. Each layer of the protocol stack is a map unto itself.

Tool based methodologies have the inherent problem of a top down approach. They enumerate services and their associated vulnerabilities and then induce that by there being a service and vuln, there must be a host, which implies a network, and vaguely suggests an underlying architecture. Seems logical right? It is, but it's still wrong.

It's consistent with an inductive method, it's true within the scope of what is required for a network to exist, but it's totally incomplete.

This e-mail and any files transmitted with it are intended solely for the addressee and are confidential. They may also be legally privileged. Copyright in them is reserved by Delphis Consulting PLC ["Delphis"] and they must not be disclosed to, or used by, anyone other than the addressee. If you have received this e-mail and any accompanying files in error, you may not copy, publish or use them in any way and you should delete them from your system and notify us immediately. E-mails are not secure. Delphis does not accept responsibility for changes to e-mails that occur after they have been sent. Any opinions expressed in this e-mail may be personal to the author and may not necessarily reflect the opinions of Delphis
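The two ideas in the thread above, a map with switchable layers (Mark's AutoCAD analogy, batz's "each layer of the protocol stack is a map unto itself") and a model of device ACLs that supports path analysis, can be sketched in a few dozen lines. The following is an added example written for this archive page, not code from any of the posters or from any product they name. The topology, addresses and ACL entries are constructed sample data; the data model (a `Node` per device with the subnets it has interfaces in, a first-match ACL with implicit deny on each forwarding node) is an assumption chosen to resemble common router semantics, not a description of any particular vendor's format.

```python
"""Layered network map with ACL-aware path analysis (constructed example)."""
from collections import deque
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    """One ACL entry. Evaluation is first-match, as on most routers (assumed)."""
    action: str                  # "permit" or "deny"
    proto: str                   # "tcp", "udp", "icmp" or "any"
    src: str                     # source CIDR
    dst: str                     # destination CIDR
    dport: Optional[int] = None  # None matches any destination port

    def matches(self, proto, src_ip, dst_ip, dport) -> bool:
        return (self.proto in ("any", proto)
                and ip_address(src_ip) in ip_network(self.src)
                and ip_address(dst_ip) in ip_network(self.dst)
                and (self.dport is None or self.dport == dport))


def acl_permits(rules, proto, src_ip, dst_ip, dport) -> bool:
    """Walk the ACL top-down; no match means the implicit deny applies."""
    for rule in rules:
        if rule.matches(proto, src_ip, dst_ip, dport):
            return rule.action == "permit"
    return False


@dataclass
class Node:
    name: str
    layer: str                    # map layer: "host", "router" or "firewall"
    networks: list                # CIDRs this node has an interface in
    ip: Optional[str] = None      # endpoint address (hosts only)
    acl: list = field(default_factory=list)  # forwarding ACL (routers/firewalls)
    role: str = ""                # free-form tag such as "web" or "db"


def neighbours(nodes, node):
    """Link-layer adjacency: two nodes are neighbours if they share a subnet."""
    return [n for n in nodes.values()
            if n is not node and set(n.networks) & set(node.networks)]


def trace(nodes, src, dst, proto, dport):
    """Breadth-first path search from host `src` to host `dst` for one flow.

    A router or firewall is traversable only if its ACL permits the flow;
    other hosts are never used as transit. Returns (path, blocked_at): path is
    a list of node names or None, blocked_at is the sorted list of forwarding
    nodes whose ACL dropped the flow during the search (what to look at when
    path is None).
    """
    start, goal = nodes[src], nodes[dst]
    queue, seen, blocked = deque([[start.name]]), {start.name}, set()
    while queue:
        path = queue.popleft()
        current = nodes[path[-1]]
        if current is goal:
            return path, sorted(blocked)
        for nxt in neighbours(nodes, current):
            if nxt.name in seen or (nxt.layer == "host" and nxt is not goal):
                continue
            if nxt.layer != "host" and not acl_permits(
                    nxt.acl, proto, start.ip, goal.ip, dport):
                blocked.add(nxt.name)   # hop exists physically, but the ACL drops the flow
                continue
            seen.add(nxt.name)
            queue.append(path + [nxt.name])
    return None, sorted(blocked)


def layer_view(nodes, layer=None, role=None):
    """Switch off every layer but one: names of nodes matching the filters."""
    return sorted(n.name for n in nodes.values()
                  if (layer is None or n.layer == layer)
                  and (role is None or n.role == role))


# Constructed sample topology (not a real network): LAN -> router -> DMZ -> firewall -> DB segment.
SAMPLE = {n.name: n for n in [
    Node("ws01", "host", ["10.3.0.0/24"], ip="10.3.0.30", role="workstation"),
    Node("web01", "host", ["10.1.0.0/24"], ip="10.1.0.10", role="web"),
    Node("db01", "host", ["10.2.0.0/24"], ip="10.2.0.20", role="db"),
    Node("rtr1", "router", ["10.3.0.0/24", "10.1.0.0/24"], acl=[
        Rule("permit", "tcp", "10.3.0.0/24", "10.0.0.0/8"),       # LAN may reach anything internal
    ]),
    Node("fw1", "firewall", ["10.1.0.0/24", "10.2.0.0/24"], acl=[
        Rule("permit", "tcp", "10.1.0.0/24", "10.2.0.0/24", 5432),  # only the DMZ may reach Postgres
        Rule("deny", "any", "0.0.0.0/0", "0.0.0.0/0"),              # explicit catch-all
    ]),
]}

if __name__ == "__main__":
    print(trace(SAMPLE, "web01", "db01", "tcp", 5432))
    print(trace(SAMPLE, "ws01", "db01", "tcp", 5432))
    print(layer_view(SAMPLE, role="db"))
```

Run with real data, the `trace` result is the "graphical path analysis" Mark asks about reduced to its core: for a given flow, which hops carry it and which device's rule set stops it. Feeding the same node list to `layer_view` gives the switchable layers, and the `role` tag is where per-host data from other tools (the NT domain membership Mark mapped with Perl, the service list batz would get from nmap) can be attached without changing the graph.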
Current thread:
- [PEN-TEST] Network Mapping Curphey, Mark (ISS Atlanta) (Sep 13)
- <Possible follow-ups>
- Re: [PEN-TEST] Network Mapping Ollie Whitehouse (Sep 13)
- Re: [PEN-TEST] Network Mapping Teicher, Mark (Sep 13)
- Re: [PEN-TEST] Network Mapping Mathew Bevan (Sep 14)
- Re: [PEN-TEST] Network Mapping H Carvey (Sep 14)
- Re: [PEN-TEST] Network Mapping Ryan Permeh (Sep 14)
- Re: [PEN-TEST] Network Mapping Greg (Sep 14)
- Re: [PEN-TEST] Network Mapping Teicher, Mark (Sep 14)
- Message not available
- Re: [PEN-TEST] Network Mapping Teicher, Mark (Sep 14)
- Re: [PEN-TEST] Network Mapping H Carvey (Sep 14)
- Re: [PEN-TEST] Network Mapping Frasnelli, Dan (Sep 14)
- Re: [PEN-TEST] Network Mapping The Count of CipherSpace (Sep 27)