Re: Topology discover

From: Laurent Constantin (infos@aql.fr)
Date: Fri Sep 23 2005 - 11:39:42 EDT

• Next message: oh face: "Re: LSADump2 Crashing Systems"
• Previous message: Hayes, Ian: "RE: VOIP Security"
• Maybe in reply to: RSMC: "Topology discover"
• Next in thread: Samuel R. Baskinger: "RE: Topology discover"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hello,

> I am currently performing a pen-test in the internal network of a company.
> I am used to pen-testing systems and the set of applications they
> support, looking for vulnerabilities in software version, logic or
> misconfiguration.
> I have also considered routing and protocol attacks as ARP spoofing and
> RIP packet injection.
> But I think I am missing some techniques to find out what the topology
> is. [...]

There is a tool in my toolbox netwox which can help you :
  http://www.laurentconstantin.com/en/netw/

Tool 214 does several traceroutes to a range of computers :
 - TCP traceroute to port 21
 - TCP traceroute to port 22
 - TCP etc.
 - UDP traceroute to port 53
 - UDP etc.
 - ICMP traceroute
Then, a text graph, representing each computer, is drawn. This is not very
nice, but very useful.

For example :
  netwox 214 --ips "192.168.1.0/24" --tcpports \
    "21,22,23,25,53,79,80,88,110,113,119,139,143,389,443,445,1080,2401,6000" \
    --udpports "1,53,67,68,123,137,138,161,162,177,514" --icmp --min-ttl 4 \
    --max-ttl 7 --max-ms 300 --resolve --verbose

Just to be clear, this tool only discover computers, and does not search
for any vulnerabilities.

Regards,
Laurent Constantin

--
+--------+ Vigil@nce, vulnerabilities tracking +---------+
| http://vigilance.aql.fr/           tel: 02 99 12 50 00 |
| vigilance@aql.fr                   fax: 02 99 63 70 40 |
+-------------------+ Personal website +-----------------+
| http://www.laurentconstantin.com/  (main server)       |
| http://go.to/laurentconstantin/    (first mirror)      |
+--------------------------------------------------------+
------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 
Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:
http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------

• Next message: oh face: "Re: LSADump2 Crashing Systems"
• Previous message: Hayes, Ian: "RE: VOIP Security"
• Maybe in reply to: RSMC: "Topology discover"
• Next in thread: Samuel R. Baskinger: "RE: Topology discover"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:59 EDT