jtingkir wrote:
Is there any method of doing a scan of all the network, all of the subnets?
Not really. In any network, there could easily be firewalls or other network-separating devices that simply won't let you through unless you come from the right IP address, or if you can show the right credentials. In highly security-conscious networks, the switch might not let your traffic through unless you have the right credentials.
Someone who has a lot of time may be able to do something clever with firewalking or the more abstruse scanning methods. But that kind of job is usually left to security testers.
And even if you do find a NAS ... will you be able to identify it? Or will nmap just say something about embedded Linux? Or perhaps identify the OEM platform, and completely miss the brand name that is on the front and that everyone uses in daily business?
And it might not be a NAS ... what if it's ATA-over-Ethernet or some other SAN technology? Will you find it?
You will also probably have to explain and perhaps even defend your collection methodology at some point or another. As long as you have good explanation why you decided to not ask the local experts to ensure you really collected everything, you'll probably be fine.