Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: How to produce a list of target subnets?

from [Ron Gula] Network Security [Permanent Link]
Subject: Re: How to produce a list of target subnets?
Date: Mon, 24 Mar 2008 09:32:56 -0400 
Rathbun, Dan wrote:

Greetings,

 

I am trying to figure out the best way to produce a comprehensive list
of subnets on our global network in order to feed it into Nessus.  Due
to the size of our network and the dynamic nature of it, a new list
really ought to be generated at least quarterly...if not monthly.  I
have tried simply pulling a routing table off one of the core routers,
but the resulting file requires too much reformatting to make it fit for
this use.  There has to be an easier way!

 

I wonder if any of you have found a convenient approach to dealing with
this requirement?  If so, would you be willing to share your lessons
learned?  Thanks.


I've seen a lot of different approaches.

- users have scripts that walk their switches to produce a list of IPs.
- some asset databases can export lists of IP addresses.
- some users perform a DNS walk and create a list that way.
- a variety of commercial and open source systems will export a list of hosts.
- some active directory users can pull target hosts from members in the domain.
- some users just perform an ICMP or TCP ping sweep with Nessus.
- there are asset management systems which include agents to report home from
   the hosts they are on.
- some NIDS and SIMs will export their lists of hosts they have discovered.

Each of these methods has pros and cons. For example, an active directory system
might not know about a new router and system that does not respond to pings or
scans might not be actively discovered.

With the Tenable approach, we do a few different things:

- The Security Center lets you upload any list of IP addresses and call it
   whatever you want.
- The Passive Vulnerability Scanner is always sniffing your network and
   building up a list of known hosts and many other parameters and
   vulnerabilities for each host.
- The Security Center can schedule daily or weekly discovery scans.
- Dynamic lists can be automatically created based on DNS name, applications
   or any other data obtained by Nessus or the PVS.

Ron Gula
Tenable Network Security











_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  How to produce a list of target subnets?, Rathbun, Dan
Next by Date:  Re: How to produce a list of target subnets?, mike . sleeper
Previous by Thread:  How to produce a list of target subnets?, Rathbun, Dan
Next by Thread:  Re: How to produce a list of target subnets?, mike . sleeper
Indexes:  [Date] [Thread] [Top] [All Lists]