Penetration Testing mailing list archives
RE: internal network mapping & traversal
From: "Paul Melson" <pmelson () gmail com>
Date: Wed, 24 Sep 2008 13:59:40 -0400
Paul, do the FWSM's respond to L2 cdp queries? Your response started me thinking about how a user could map a network from the inside using
cdp.
I know about the PIX and ASA, but have never worked with the FWSM. Thank you.
Hi Richard, Cisco FWSM does not pass CDP in either L2 transparent or L3 routed modes. However, I think that using CDP is another good way to find out about a network you're attached to, for example by getting a list of "neighbor" devices. The only problem is that CDP is L2, and so, like ARP, doesn't go beyond the local subnet/vlan. CDP is also a great place to start attacking during an internal pen-test. Yersinia, ettercap, and the Phenoelit cdp utility are all very handy. Conveniently, these are all part of the current BackTrack tool set. PaulM ------------------------------------------------------------------------ This list is sponsored by: Cenzic Top 5 Common Mistakes in Securing Web Applications Get 45 Min Video and PPT Slides www.cenzic.com/landing/securityfocus/hackinar ------------------------------------------------------------------------
Current thread:
- internal network mapping & traversal lister (Sep 22)
- Re: internal network mapping & traversal Trygve Aasheim (Sep 23)
- Re: internal network mapping & traversal Paul Melson (Sep 23)
- <Possible follow-ups>
- Re: internal network mapping & traversal Robert E. Lee (Sep 23)
- Re: internal network mapping & traversal Paul Melson (Sep 23)
- Message not available
- RE: internal network mapping & traversal Paul Melson (Sep 24)
- Re: internal network mapping & traversal Paul Melson (Sep 23)