Penetration Testing mailing list archives
Re: snmp
From: "R. DuFresne" <dufresne () sysinfo com>
Date: Mon, 27 Sep 2004 20:11:01 -0400 (EDT)
On Mon, 27 Sep 2004, Frank Knobbe wrote:
On Fri, 2004-09-24 at 15:39, R. DuFresne wrote:You start by getting yer "get out of jail free card" from mgt. If you lack that, you are likely to get fired and then prosecuted.I didn't read it like you did. It seemed to me that Juan wanted a tool that lists some info retrieved via SNMP Gets. With that list we would approach management, showing that you can query interface tables, etc, with a community string of "public". I didn't think that he wanted to "break into" and systems, or otherwise "pentest" it (even though he used that word in his request. Improper use of "pentest" in my book).
It may have been a languge issue, it may have been phrasing, but,m I read it in the fashion to which I responded. And find that security, being the sexy thing in the IT realm, tends to attract alot of folks lacking, yet seeking to gain, experience, often not with a decent understanding of what might or might not be proper etiquette, or legalities.
I don't think he needs management approval or a JOOJF card to just list some stuff with snmpwalk. After all, the information is "public", right? As long as he doesn't circumvent counter-measures he should be fine. After all, he is the one responsible for security in his company. He would be one handing out the JOOJF cards ;)
Is he the one responsible for security in his company? I didn't see that in his pst, and I read it in his post that perhaps this was not his domain at work, then again, perhaps I misread his whole request <smile>. when I read his request, the first thing to come to mind was the Randall Swharz debacle... But, you are correct sir, a proposal and a list of software that could enumerate the issue to the mgt folks would not be a problem. Using those tools without either having security as his tasked domain at work <how I read his request> would be. Course, I work for a state gov that would frown on any of this, since it might point out problems and cross domains of 'influence'. MGT here tends to not want to know and shoots the messenger on sight. Thanks, Ron DuFresne -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior security consultant: sysinfo.com http://sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too!
Current thread:
- Re: snmp, (continued)
- Re: snmp R. DuFresne (Sep 27)
- Re: snmp Frank Knobbe (Sep 24)
- Re: snmp Vijay Kumar (Sep 25)
- RE: snmp Victor Chapela (Sep 25)
- RE: snmp Dom (Sep 25)
- RE: snmp Alexandre Skyrme (Sep 26)
- Re: snmp R. DuFresne (Sep 27)
- RE: snmp Jeff Gercken (Sep 24)
- RE: snmp Burnett, Robert (Sep 24)
- Re: snmp H Carvey (Sep 24)
- RE: snmp Guillaume Lavoix (Sep 24)
- RE: snmp Todd Towles (Sep 24)
- RE: snmp Christopher Adickes (Sep 24)
- Re:snmp Ghaith Nasrawi (Sep 27)
- Re: Re:snmp Jose Maria Lopez (Sep 28)
- RE: snmp Harper, Patrick (Sep 28)
- RE: snmp Hiten Pankhania (Sep 28)