Identifying communicating network nodes in the same local network

Abstract

Methods and systems for executing a penetration test of a networked system by a penetration testing system so as to determine a method by which an attacker could compromise the networked system, and / or for distributing common sets of data to nodes of a networked system. The methods and systems include identifying network nodes which have shared broadcast domains.

Description

CROSS-REFERENCE TO RELATED APPLICATIONS[0001]This patent application claims the benefit of U.S. Provisional Patent Application No. 62 / 654,463 filed on Apr. 8, 2018, which is incorporated herein by reference in its entirety.FIELD OF THE INVENTION[0002]The present invention relates to systems and methods for identifying communicating network nodes in networked systems that share a broadcast domain, and using such identification for penetration testing of the networked systems to determine security vulnerabilities, and / or for distribution of common sets of data to the communicating network nodes.BACKGROUND[0003]There is currently a proliferation of organizational networked computing systems. Every type of organization, be it a commercial company, a university, a bank, a government agency or a hospital, heavily relies on one or more networks interconnecting multiple computing nodes. Failures of the networked computing system of an organization or even of only a portion of it might cause...

AI Technical Summary

Benefits of technology

The present invention provides a method for executing a computer-implemented penetration test of a networked system by a penetration testing software module and a reconnaissance agent software module installed on at least two network nodes of the networked system. The method involves receiving first information about a first data packet from a first network node and second information about a second data packet from a second network node. The first and second information are compared to determine if they match. If they do, the method proceeds to determine the method by which an attacker could compromise the networked system. The first and second data packets can include, for example, ARP data packets, LLMNR data packets, NBNS data packets, IP data packets with an IP broadcast address, IP link-local addresses, or other fields such as a MAC address or protocol type field. The method can also involve performing additional steps such as checking if the first and second information meet a matching condition and reporting the method through a display device or file transmission. Overall, the invention provides a reliable and effective method for testing the vulnerability of networked systems.

Problems solved by technology

However, there are certain circumstances in which the above naïve solution either is not applicable or does not produce correct results:

Lacking an IP address, the naïve solution cannot even be applied in this case.

Applying the naïve solution in such case might result in concluding that the floor still constitutes a single broadcast domain, even though this is no longer the case.

However, the naïve solution attempts to achieve the goal using IP addresses, which are inherently level-3 concepts.

However, while such solution may work correctly, it is highly undesirable for penetration testing.

The solution might cause two network nodes that under normal conditions never communicate with each other to start communicating, thus triggering alarms by security applications in the networked system.

Images