Re: Scanning Class A network

From: Adam Jones (ajones1@gmail.com)
Date: Wed Oct 26 2005 - 11:26:55 EDT


A lot of people have mentioned the bandwidth involved in doing this,
and I wonder if it would be possible to fake an external scan using IP
address spoofing and some passive monitoring equipment. The idea would
be to take an IP address outside of the network's address range and
either assign that to a machine or spoof packets to that address and,
if you did use spoofing, pick up return packets passively as they try
to find their way out. Probably should do this with an IP address that
you control, otherwise you might get someone just a bit upset.

Really though, if their firewalls are configured to silently drop
packets that do not actually "hit" something (as most of the
configurations I see today do) then you will be at this forever. My
suggestion is to try and get this divided up. Get an idea of what they
are looking for with this audit. If they want insecure machines/rogue
servers on systems they know are live, then use the ARP tables on your
routers (as someone suggested earlier) to put together a scan list. If
they want to catch unauthorized network connections, try to do some
work correlating DHCP assignments with known hosts and see what is
left over after you are done. My point is that "scan this entire class
A 1-65535" is probably A) more data than can be easily interpreted to
make useful, B) more work than that data will probably be worth, and
C) nowhere near as effective as focusing on specific individual tasks.

In the end though the guys that write the checks make the decisions.
If trying to get them to take a more reasonable course of action here
does not work then a lot of other people have great suggestions on how
to get it done.

-Adam
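
The following is an added example, not part of the original post: one way to build the ARP-derived scan list and the "left over" set the message describes. It assumes Cisco-style `show ip arp` output, ISC dhcpd-style lease entries and a MAC inventory; all sample data and function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample inputs (not from the original post).
ARP_OUTPUT = """\
Protocol  Address     Age (min)  Hardware Addr   Type  Interface
Internet  10.1.0.1          -    0000.0c07.ac01  ARPA  Vlan10
Internet  10.1.0.20        12    0011.2233.4455  ARPA  Vlan10
Internet  10.1.0.37         3    0011.2233.4499  ARPA  Vlan10
Internet  10.1.0.40         0    Incomplete      ARPA
Internet  10.1.0.99         7    0050.56aa.bb01  ARPA  Vlan10
"""
DHCP_LEASES = """\
lease 10.1.0.20 { hardware ethernet 00:11:22:33:44:55; }
lease 10.1.0.37 { hardware ethernet 00:11:22:33:44:99; }
"""
KNOWN_MACS = {"00:00:0c:07:ac:01", "00:11:22:33:44:55"}  # assumed asset inventory

def norm_mac(mac):
    """Reduce any MAC notation to 12 lowercase hex digits."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())

def parse_arp(text):
    """Return {ip: mac} for resolved entries; header and Incomplete rows are skipped."""
    live = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 4 and f[0] == "Internet" and re.fullmatch(r"[0-9a-f.]{14}", f[3].lower()):
            live[f[1]] = norm_mac(f[3])
    return live

def parse_leases(text):
    """Return {mac: ip} from dhcpd.leases-style entries (a later lease overwrites an earlier one)."""
    pat = re.compile(r"lease\s+(\S+)\s*\{[^}]*?hardware ethernet\s+([0-9a-fA-F:]+);")
    return {norm_mac(mac): ip for ip, mac in pat.findall(text)}

def build_audit(arp_text, lease_text, known_macs):
    """Return (scan_list, unknown_dhcp, unknown_static) as sorted IP lists."""
    def by_ip(ips):
        return sorted(ips, key=ipaddress.ip_address)
    live, leased = parse_arp(arp_text), parse_leases(lease_text)
    known = {norm_mac(m) for m in known_macs}
    unknown_dhcp = [ip for mac, ip in leased.items() if mac not in known]
    unknown_static = [ip for ip, mac in live.items() if mac not in known and mac not in leased]
    return by_ip(live), by_ip(unknown_dhcp), by_ip(unknown_static)

if __name__ == "__main__":
    print(build_audit(ARP_OUTPUT, DHCP_LEASES, KNOWN_MACS))
```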




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:06 EDT