proxies (using shared external IP addresses) or firewalling where the external IP addresses differ, although a shared IP address can also mean that VIPs or phantom IP addresses are in use on the firewalls, i.e. a good level of security.


Assessment of vulnerability to stealth penetration methods


Perimeter testing can be employed by using modified scanning methods to test perimeter-monitoring security. Carefully constructed ping sweeps would be used here using fling (with the gping IP generator), WS Ping Pro and, of course, nmap. A stealth assessment method would use longer timeouts to test how visible the scan is to monitoring. Hosts that failed to respond would be tracerouted (using both NT and Unix versions, on UDP and ICMP bases) to determine the addresses of the firewalls with more certainty.
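The point of the longer timeouts above is that monitoring tuned to a short window never sees the slow sweep. The following added example (my own illustration, not code from this page, and using a constructed log format rather than any real firewall's) shows a sweep detector that counts distinct destinations per source within a time window: with a 5-minute window the slow sweep goes unreported, with a 1-hour window it is caught.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample of perimeter firewall log lines (a made-up format, not a
# real product's). One source pings six hosts at 9.5-minute intervals; another
# pings the same host twice.
SAMPLE_LOG = """\
2001-03-04T02:00:00 ICMP echo-request 198.51.100.7 -> 192.0.2.10
2001-03-04T02:09:30 ICMP echo-request 198.51.100.7 -> 192.0.2.11
2001-03-04T02:19:00 ICMP echo-request 198.51.100.7 -> 192.0.2.12
2001-03-04T02:28:30 ICMP echo-request 198.51.100.7 -> 192.0.2.13
2001-03-04T02:38:00 ICMP echo-request 198.51.100.7 -> 192.0.2.14
2001-03-04T02:47:30 ICMP echo-request 198.51.100.7 -> 192.0.2.15
2001-03-04T02:05:00 ICMP echo-request 203.0.113.9 -> 192.0.2.10
2001-03-04T02:06:00 ICMP echo-request 203.0.113.9 -> 192.0.2.10
"""


def parse(log):
    """Parse the constructed log into (timestamp, src, dst) tuples, oldest first."""
    events = []
    for line in log.splitlines():
        ts, _proto, _kind, src, _arrow, dst = line.split()
        events.append((datetime.fromisoformat(ts), src, dst))
    return sorted(events)


def detect_sweeps(log, window_seconds=300, min_hosts=5):
    """Return {src: distinct_destinations} for every source that probed at
    least min_hosts distinct hosts inside some window of window_seconds."""
    by_src = defaultdict(list)
    for ts, src, dst in parse(log):
        by_src[src].append((ts, dst))
    hits = {}
    for src, probes in by_src.items():
        best = 0
        # Slide a window starting at each probe and count distinct targets in it.
        for i, (start, _) in enumerate(probes):
            seen = {d for t, d in probes[i:]
                    if (t - start).total_seconds() <= window_seconds}
            best = max(best, len(seen))
        if best >= min_hosts:
            hits[src] = best
    return hits


if __name__ == "__main__":
    print("5-minute window:", detect_sweeps(SAMPLE_LOG))                        # {}
    print("1-hour window:  ", detect_sweeps(SAMPLE_LOG, window_seconds=3600))   # {'198.51.100.7': 6}
```

The same threshold of five hosts misses the sweep entirely at five minutes and reports it at one hour, which is the gap a stealth assessment is designed to expose.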


Router names can be examined to determine whether they describe the links from the ISP to the company. Social engineering vulnerability could be tested here by checking whether key services can be obtained through the routers to the client network by quoting key staff names to ISP support personnel. Manufacturer default password use would then be tested for on the company-end router.


Firewall Policy Reverse Engineering Vulnerability Testing


Hping allows reverse engineering of the ruleset by detailing the response received from targets: SYN/ACK back means the port is open; ICMP 13 means the interface is administratively down; RST/ACK means an IP stack reject or a Firewall-1 reject; nothing back means silent dropping is going on and a sophisticated, secure environment has been established.


Varied source ports on UDP traceroutes can produce opportunities for partial



Network Penetration Methods
