On Monday 16 June 2003 11:43, Mark G. Spencer wrote:
> I'm going to start soon on performing reconnaissance on a very large
> international network. I already know much (not all) of the Cisco
> network gear is "locked down" (latest IOS, tight ACL's, drop ICMP/TCP
> ping, etc.) and the servers are behind Cisco PIX firewalls.
If you own all the equipment, why drop pings from your monitoring
station/subnet?
Do you have hubs in the network that you can do regional SNMP monitoring
from?
> I was wondering if anyone has tips on the best ways to determine if hosts
> are alive? I'm not very worried about stealth, since this activity is
> not being performed in secret.
What's the goal here? Round-the-clock slow scanning? Why not scan the
host(s) up-or-down? I'd think you'd have a record of what equipment
~should~ be on the network.
What I'm saying is I think monitoring of availability is different than
monitoring of security. { Well, it's quite arguable that availability (say
in CC processing) is part of the security but that's not what I'm getting
at.. I'm just saying two different systems/mechanisms can be used in this
case. }
Cheers, -Ali
--
OpenPGP Key: 030E44E6
--
Was I helpful?: http://svcs.affero.net/rm.php?r=packetknife
--
Politics is the art of looking for trouble, finding it whether it
exists or not, diagnosing it incorrectly, and applying the wrong
remedy. -- Ernest Benn
