From fc192a25883b15f55ede81d11eff9bad53fa336e Mon Sep 17 00:00:00 2001 From: Tobias Eidelpes Date: Fri, 21 May 2021 11:16:39 +0200 Subject: [PATCH] Answer questions for ex1 --- ex1/README.md | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 ex1/README.md diff --git a/ex1/README.md b/ex1/README.md new file mode 100644 index 0000000..f19551b --- /dev/null +++ b/ex1/README.md @@ -0,0 +1,30 @@ +# Exercise 1 + +## Passive Information Gathering + +>>> +Are mail servers hosted by the same company? Depending on the company, the +answer to this question can be "yes" or "no". Considering each of these +possibilities, does it make sense targeting mail servers as potential vectors +for penetration attacks? +>>> + +Yes, it makes sense to target mail servers especially when they are hosted by +the same company. Servers which are not hosted by the same company are +presumably not included in the penetration testing contract and attacking those +external servers might be illegal. + +## Profiling Host Activity + +>>> +Imagine using Wireshark for checking all the traffic passing through an +intermediate routing device. Do you think that you could detect hosts performing +horizontal scanning? And vertical scanning? Do you consider Wireshark as a +suitable tool for analyzing large amounts of network traffic data? Why? +>>> + +As soon as the amount of traffic routed through the routing device exceeds +hundreds of megabytes, it might not be feasible to use wireshark to analyze the +traffic. Maybe it is possible with a good grip on all the filtering capabilities +of wireshark, but one definitely has to know what to look for. Big amounts of +traffic data are better analyzed using programmatic means.
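Review bot: Under "Profiling Host Activity", the answer only covers the last part of the quoted question (whether Wireshark suits large amounts of traffic) and never says whether horizontal or vertical scanning could be detected. Consider adding a sentence for each: a horizontal scan shows up as one source contacting the same port on many hosts, and a vertical scan as one source contacting many ports on a single host. Then state whether Wireshark's filters and statistics views would make those patterns visible at the intermediate routing device. The "hundreds of megabytes" threshold is given without a reason, so a short justification (memory use, interactive filtering speed) would strengthen it. In the same paragraph, "wireshark" should be capitalized as "Wireshark" to match the question text. Under "Passive Information Gathering", the answer explains why externally hosted mail servers are out of scope but not why company-hosted ones are worthwhile to assess, so one sentence on that would complete the "yes" case.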