RE: Using ARP to map a network

From: Jason Lewis (jlewisat_private)
Date: Tue Feb 04 2003 - 16:36:18 PST

Next message: Ińigo González Ponce: "Re: Routes that are susceptible to SNMP"

Previous message: Rod Strader: "RE: Routes that are susceptible to SNMP"
In reply to: Rob Shein: "RE: Using ARP to map a network"
Next in thread: Dario N. Ciccarone: "RE: Using ARP to map a network"
Next in thread: planz: "Re: Using ARP to map a network"
Reply: Dario N. Ciccarone: "RE: Using ARP to map a network"
Reply: Rob Shein: "RE: Using ARP to map a network"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Maybe I am asking the wrong question.

If my goal is to passively map a network, what is the best way to do that?

> I'm not quite sure how ARP harvesting (via SNMP, presumably?) is
> passive, but here goes:
>
> On the face of it, you should be able to do this.  Problems could occur
> if you run into firewalls, or in switched environments where there are
> machines that infrequently communicate outwards (and rarely broadcast).
> Unfortunately, both of these instances are much more likely with respect
> to critical infrastructure (like database back-end servers or the
> accounting department.)  What is the goal of using this means as opposed
> to some other method?  SNMP queries to routers may be just as obvious as
> ping sweeps or SYN scans in the eyes of an IDS, and perhaps even more so
> if they have logging set high enough.
>
>> -----Original Message-----
>> From: Jason Lewis [mailto:jlewisat_private]
>> Sent: Tuesday, February 04, 2003 6:37 PM
>> To: pen-testat_private
>> Subject: Using ARP to map a network
>>
>>
>> I have searched and can't seem to find any tools to help map
>> a network based on ARP tables.
>>
>> It seems to me, I could take ARP tables from several machines
>> and build a network map.  If machines were behind a router
>> the ARP tables would show multiple IP's with the same MAC.
>> With enough ARP tables, wouldn't I be able to build a map?
>>
>> Is my theory flawed?
>>
>> My goal is to do passive network mapping based on any local
>> information I can obtain from computers or network devices.
>> Anyone have any ideas?
>>
>> jas
>>
>>
>>
>> --------------------------------------------------------------
>> --------------
>> This list is provided by the SecurityFocus Security
>> Intelligence Alert (SIA) Service. For more information on
>> SecurityFocus' SIA service which automatically alerts you to
>> the latest security vulnerabilities please see:
> https://alerts.securityfocus.com/




----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Next message: Ińigo González Ponce: "Re: Routes that are susceptible to SNMP"
Previous message: Rod Strader: "RE: Routes that are susceptible to SNMP"
In reply to: Rob Shein: "RE: Using ARP to map a network"
Next in thread: Dario N. Ciccarone: "RE: Using ARP to map a network"
Next in thread: planz: "Re: Using ARP to map a network"
Reply: Dario N. Ciccarone: "RE: Using ARP to map a network"
Reply: Rob Shein: "RE: Using ARP to map a network"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Feb 05 2003 - 10:42:48 PST