Answer questions for ex1
parent
9aba932e21
commit
fc192a2588
30
ex1/README.md
Normal file
@ -0,0 +1,30 @@
|
|||||||
|
# Exercise 1
|
||||||
|
|
||||||
|
## Passive Information Gathering
|
||||||
|
|
||||||
|
>>>
|
||||||
|
Are mail servers hosted by the same company? Depending on the company, the
|
||||||
|
answer to this question can be "yes" or "no". Considering each of these
|
||||||
|
possibilities, does it make sense targeting mail servers as potential vectors
|
||||||
|
for penetration attacks?
|
||||||
|
>>>
|
||||||
|
|
||||||
|
Yes, it makes sense to target mail servers especially when they are hosted by
|
||||||
|
the same company. Servers which are not hosted by the same company are
|
||||||
|
presumably not included in the penetration testing contract and attacking those
|
||||||
|
external servers might be illegal.
|
||||||
|
|
||||||
|
## Profiling Host Activity
|
||||||
|
|
||||||
|
>>>
|
||||||
|
Imagine using Wireshark for checking all the traffic passing through an
|
||||||
|
intermediate routing device. Do you think that you could detect hosts performing
|
||||||
|
horizontal scanning? And vertical scanning? Do you consider Wireshark as a
|
||||||
|
suitable tool for analyzing large amounts of network traffic data? Why?
|
||||||
|
>>>
|
||||||
|
|
||||||
|
As soon as the amount of traffic routed through the routing device exceeds
|
||||||
|
hundreds of megabytes, it might not be feasible to use wireshark to analyze the
|
||||||
|
traffic. Maybe it is possible with a good grip on all the filtering capabilities
|
||||||
|
of wireshark, but one definitely has to know what to look for. Big amounts of
|
||||||
|
traffic data are better analyzed using programmatic means.
|
||||||
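Review bot: The answer under "Profiling Host Activity" only responds to the last part of the quoted question (whether Wireshark suits large amounts of traffic) and never says whether horizontal or vertical scanning could be detected from the capture. Add a sentence for each, for example what the traffic would look like: one source contacting the same port on many hosts for horizontal scanning, and one source contacting many ports on a single host for vertical scanning. The threshold "hundreds of megabytes" is also stated without a reason; say what actually becomes the limit at that size, and name the "programmatic means" you have in mind so the answer explains the "Why?". In the first answer, the question asks you to consider both the "yes" and the "no" case, so state the conclusion for externally hosted mail servers explicitly rather than only noting that attacking them "might be illegal". Minor: write "Wireshark" capitalized, as the question does.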