Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

RE: Mapping Class A network ( any easy trick?)

from [Moonen, Ralph] Network Security [Permanent Link]
Subject: RE: Mapping Class A network ( any easy trick?)
Date: Wed, 9 Feb 2005 19:05:23 +0100 
Hi,

Apart from the timing issues (I agree totally) I still think that you
cannot call nmap+nbtstat or nmap+nessus or whatever combinatioin
'penetration testing'. To me that is Vulnerability Analysis. VA on a
class A is tricky enough. Pentesting (ie attempted exploitation of all
discovered vulenrabilities) on a full class A is extremely difficult.
Impossible for 1 man and his laptop, given average population of
networks. 

I assume that stealth is not an issue here, and if indeed not, then my
choice for the mapping and scanning would be to have a few lappies (like
your setup) crunch away unattendend (but with humans on call 24/7) for
as long as it takes. For the actual testing (exploiting) I usually
concentrate on the business critical environments and the devices that
those environments most heavily depend on. No use pentesting each and
every workstation. 

But usually, it never gets that far. You find so much sh*t during the
first scans and so when you've totally 0wn3d the SAP environment within
half a day it's pretty clear what needs to happen first. 

--Ralph


-----Original Message-----
From: Tim [mailto:tim-pentest@sentinelchicken.org] 
Sent: woensdag 9 februari 2005 18:10
To: Moonen, Ralph
Cc: John Thomas; pen-test@securityfocus.com
Subject: Re: Mapping Class A network ( any easy trick?)

--- Virus checked / op virussen gecontroleerd ---


You might also want to manage expectations. Pentesting a full class A,



even given low population of the network will take you months. I think


It can be done faster.

Once upon a time I built a system with primarily shell/python/perl which
used nmap and nbtscan to scan all RFC1918 addresses in a large company.
With a LOT of timing optimization options, and a very focused set of
ports we were scanning for, we were able to scan this many IPs in 2-3
days.  However, we had to distribute the scan across 8 linux machines,
each of which ran 4 scanning threads in parallel.  We didn't utilize any
broadcasts, of course.

It is a pain, and I don't recommend doing it unless you have a good
reason, but it can be done with enough effort.

The more recent versions of nmap supposedly has a more efficient
scanning engine.  Definately use the newest stuff.

tim

ps- Our scanning network could scan 300+ IPs/sec on average (majority of
IPs didn't have hosts, of course) and during the scan, a few older
firewalls tipped over.  Be careful.


--------------------------------------------------------------------------------------------------------------------------------------------
De informatie verzonden met dit e-mailbericht (en bijlagen) is uitsluitend 
bestemd voor de geadresseerde(n) en zij die van de geadresseerde(n) toestemming 
hebben dit bericht te lezen. Gebruik door anderen dan geadresseerde(n) is 
verboden. De informatie in dit e-mailbericht (en de bijlagen) kan vertrouwelijk 
van aard zijn en kan binnen het bereik vallen van een geheimhoudingsplicht.
KPMG is niet aansprakelijk voor schade ten gevolge van het gebruik van 
elektronische middelen van communicatie, daaronder begrepen -maar niet beperkt 
tot- schade ten gevolge van niet aflevering of vertraging bij de aflevering van 
elektronische berichten, onderschepping of manipulatie van elektronische 
berichten door derden of door programmatuur/apparatuur gebruikt voor 
elektronische communicatie en overbrenging van virussen en andere kwaadaardige 
programmatuur.

Any information transmitted by means of this e-mail (and any of its 
attachments) is intended exclusively for the addressee or addressees and for 
those authorized by the addressee or addressees to read this message. Any use 
by a party other than the addressee or addressees is prohibited. The 
information contained in this e-mail (or any of its attachments) may be 
confidential in nature and fall under a duty of non-disclosure.
KPMG shall not be liable for damages resulting from the use of electronic means 
of communication, including -but not limited to- damages resulting from failure 
or delay in delivery of electronic communications, interception or manipulation 
of electronic communications by third parties or by computer programs used for 
electronic communications and transmission of viruses and other malicious code.

--------------------------------------------------------------------------------------------------------------------------------------------
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Mapping Class A network ( any easy trick?), Tim
Next by Date:  RE: Mapping Class A network ( any easy trick?), robert
Previous by Thread:  RE: Mapping Class A network ( any easy trick?), Brass, Phil (ISS Atlanta)
Next by Thread:  Re: Mapping Class A network ( any easy trick?), Tim
Indexes:  [Date] [Thread] [Top] [All Lists]