Chapter 5. Local Network Discovery
This chapter describes the tactics used to evaluate local network configuration. Goals include enumeration of available resources and exploitation of weaknesses to access data.
Most of the protocols described here are nonroutable (using the data link layer and local broadcast addresses) and thus you can evaluate them only from the local network. You will likely find yourself in one of two situations during testing: either you are onsite and have physical access to the network, or you have secured remote access to a system elsewhere. Some of the attacks discussed here require physical network access, but most do not.
Data Link Protocols
Ethernet is widely used as the underlying physical and data link layer format, as defined by the IEEE 802.3 and 802.2 standard working groups. A number of enhancements are often adopted in environments, as ratified by the IEEE 802.1 group:
-
802.1D (spanning tree protocol)
-
802.1Q (VLAN bridges)
-
802.1X (port-based network access control)
Many proprietary extensions also exist, as defined and used by vendors including Cisco. The relationship between 802.3, 802.2, and 802.1 standards, proprietary protocols, IP, and the OSI model is shown in Figure 5-1. Although other data link standards (e.g., 802.11 WiFi) are beyond the scope of this book, many of the attack tactics described here apply.
Figure 5-1. The physical, ...
Get Network Security Assessment, 3rd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
