Answer questions for ex1
parent
9aba932e21
commit
fc192a2588
30
ex1/README.md
Normal file
@ -0,0 +1,30 @@
|
||||
# Exercise 1
|
||||
|
||||
## Passive Information Gathering
|
||||
|
||||
>>>
|
||||
Are mail servers hosted by the same company? Depending on the company, the
|
||||
answer to this question can be "yes" or "no". Considering each of these
|
||||
possibilities, does it make sense targeting mail servers as potential vectors
|
||||
for penetration attacks?
|
||||
>>>
|
||||
|
||||
Yes, it makes sense to target mail servers especially when they are hosted by
|
||||
the same company. Servers which are not hosted by the same company are
|
||||
presumably not included in the penetration testing contract and attacking those
|
||||
external servers might be illegal.
|
||||
|
||||
## Profiling Host Activity
|
||||
|
||||
>>>
|
||||
Imagine using Wireshark for checking all the traffic passing through an
|
||||
intermediate routing device. Do you think that you could detect hosts performing
|
||||
horizontal scanning? And vertical scanning? Do you consider Wireshark as a
|
||||
suitable tool for analyzing large amounts of network traffic data? Why?
|
||||
>>>
|
||||
|
||||
As soon as the amount of traffic routed through the routing device exceeds
|
||||
hundreds of megabytes, it might not be feasible to use wireshark to analyze the
|
||||
traffic. Maybe it is possible with a good grip on all the filtering capabilities
|
||||
of wireshark, but one definitely has to know what to look for. Big amounts of
|
||||
traffic data are better analyzed using programmatic means.
|
||||
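Review bot: The answer under "Profiling Host Activity" skips the first two parts of the question. It never says whether hosts performing horizontal scanning, or vertical scanning, could be detected in the capture; it only discusses whether Wireshark copes with large volumes. Add an explicit yes or no for each scan type with a short justification of what in the traffic would reveal it, and keep the scalability paragraph as the answer to the last part. The "hundreds of megabytes" threshold is stated without a reason; say what becomes impractical at that size, which would also answer the question's closing "Why?". Under "Passive Information Gathering", the answer addresses contract scope and legality for externally hosted servers but gives no reason why same-company mail servers make sense as a vector; one sentence of justification would complete it. Minor: write "Wireshark" capitalised, as the quoted question does.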