# Exercise 1

## Passive Information Gathering

>>>
Are mail servers hosted by the same company? Depending on the company, the
answer to this question can be "yes" or "no". Considering each of these
possibilities, does it make sense targeting mail servers as potential vectors
for penetration attacks?
>>>

Yes, it makes sense to target mail servers especially when they are hosted by
the same company. Servers which are not hosted by the same company are
presumably not included in the penetration testing contract and attacking those
external servers might be illegal.

## Profiling Host Activity

>>>
Imagine using Wireshark for checking all the traffic passing through an
intermediate routing device. Do you think that you could detect hosts performing
horizontal scanning? And vertical scanning? Do you consider Wireshark as a
suitable tool for analyzing large amounts of network traffic data? Why?
>>>

As soon as the amount of traffic routed through the routing device exceeds
hundreds of megabytes, it might not be feasible to use Wireshark to analyze the
traffic. Maybe it is possible with a good grip on all the filtering capabilities
of Wireshark, but one definitely has to know what to look for. Large amounts of
traffic data are better analyzed using programmatic means.
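
As an added example (not part of the original exercise or answer), this sketch shows what "programmatic means" could look like on the monitoring side: it flags horizontal scanning (one source contacting the same port on many hosts) and vertical scanning (one source contacting many ports on one host). The `src,dst,dport` record format, the sample data, the function names and both thresholds are assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict


def build_sample():
    """Constructed sample, not real traffic: one 'src,dst,dport' line per TCP SYN."""
    rows = [("src", "dst", "dport")]  # header line, skipped by the parser
    # 10.0.0.5 contacts port 22 on 12 different hosts (horizontal pattern)
    rows += [("10.0.0.5", f"192.168.1.{i}", 22) for i in range(1, 13)]
    # 10.0.0.9 contacts 15 different ports on one host (vertical pattern)
    rows += [("10.0.0.9", "192.168.1.20", p) for p in range(20, 35)]
    # 10.0.0.7 behaves like an ordinary client
    rows += [("10.0.0.7", "192.168.1.30", 443),
             ("10.0.0.7", "192.168.1.31", 443),
             ("10.0.0.7", "192.168.1.30", 80)]
    return "\n".join(f"{s},{d},{p}" for s, d, p in rows)


def detect_scans(csv_text, host_threshold=10, port_threshold=10):
    """Return (horizontal, vertical) dicts mapping the offending key to a count.

    horizontal: (src, dport) -> number of distinct destination hosts
    vertical:   (src, dst)   -> number of distinct destination ports
    Thresholds are illustrative and need tuning against normal traffic.
    """
    hosts_per_port = defaultdict(set)
    ports_per_host = defaultdict(set)
    for row in csv.reader(io.StringIO(csv_text)):
        # Skip headers and malformed lines instead of failing on them.
        if len(row) != 3 or not row[2].isdigit():
            continue
        src, dst, dport = row[0], row[1], int(row[2])
        hosts_per_port[(src, dport)].add(dst)
        ports_per_host[(src, dst)].add(dport)
    horizontal = {k: len(v) for k, v in hosts_per_port.items()
                  if len(v) >= host_threshold}
    vertical = {k: len(v) for k, v in ports_per_host.items()
                if len(v) >= port_threshold}
    return horizontal, vertical


if __name__ == "__main__":
    horizontal, vertical = detect_scans(build_sample())
    print("horizontal:", horizontal)
    print("vertical:", vertical)
```

Because only sets of distinct hosts and ports are kept per source, memory grows with the number of distinct endpoints rather than with the size of the capture.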