Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: snmp

from [R. DuFresne] Network Security [Permanent Link]
Subject: Re: snmp
Date: Mon, 27 Sep 2004 20:11:01 -0400 (EDT) 
On Mon, 27 Sep 2004, Frank Knobbe wrote:


On Fri, 2004-09-24 at 15:39, R. DuFresne wrote:

You start by getting yer "get out of jail free card" from mgt.  If you
lack that, you are likely to get fired and then prosecuted.



I didn't read it like you did. It seemed to me that Juan wanted a tool
that lists some info retrieved via SNMP Gets. With that list we would
approach management, showing that you can query interface tables, etc,
with a community string of "public".

I didn't think that he wanted to "break into" and systems, or otherwise
"pentest" it (even though he used that word in his request. Improper use
of "pentest" in my book).



It may have been a languge issue, it may have been phrasing, but,m I read
it in the fashion to which I responded.  And find that security, being the
sexy thing in the IT realm, tends to attract alot of folks lacking, yet
seeking to gain, experience, often not with a decent understanding of what
might or might not be proper etiquette, or legalities.




I don't think he needs management approval or a JOOJF card to just list
some stuff with snmpwalk. After all, the information is "public", right?

As long as he doesn't circumvent counter-measures he should be fine.
After all, he is the one responsible for security in his company. He
would be one handing out the JOOJF cards ;)



Is he the one responsible for security in his company?  I didn't see that
in his pst, and I read it in his post that perhaps this was not his domain
at work, then again, perhaps I misread his whole request <smile>.  when I
read his request, the first thing to come to mind was the Randall Swharz
debacle...

But, you are correct sir, a proposal and a list of software that could
enumerate the issue to the mgt folks would not be a problem.  Using those
tools without either having security as his tasked domain at work <how I
read his request> would be.  Course, I work for a state gov that would
frown on any of this, since it might point out problems and cross domains
of 'influence'.  MGT here tends to not want to know and shoots the
messenger on sight.


Thanks,


Ron DuFresne
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Re:snmp, Jose Maria Lopez
Next by Date:  RE: snmp, Mike
Previous by Thread:  Re: snmp, Frank Knobbe
Next by Thread:  RE: snmp, Jeff Gercken
Indexes:  [Date] [Thread] [Top] [All Lists]