
Author Topic: Slitheris to parallel VLAN  (Read 411 times)

Davidh

  • Member
  • Posts: 11
Slitheris to parallel VLAN
« on: August 02, 2024, 02:01:47 PM »
First, Slitheris is a great tool. I have been able to get a lot of companies to buy it after they see me using it.
However, on one of my latest projects, I was wondering about something. What firewall exceptions would I have to set to allow Slitheris to scan different VLANs?
I use Slitheris a lot to scan the network, but that means I have to connect my laptop to multiple VLANs and keep switching the port.
Instead of doing this from the switch closet, I would like to do it from a station and enable a firewall rule that allows the scanning from that station (firewall rule on the gateway connecting the VLANs, not on the computers).
These types of networks are getting more common for me, as I have been doing lots of deployments with air gap and ZTNA.
Interestingly enough, the more complicated the network becomes, the more Slitheris shines.
So I was planning to have a firewall rule that I can enable while running the scan, but I wanted to keep it as tight as possible, mainly as some of the networks are following CMMC compliance (NIST 800-171/172).
On a separate note, it is funny (as in technically funny) to watch CrowdStrike freak out while Slitheris is running scans :)

Komodo Support

  • Administrator
  • Member
  • Posts: 2704
  • Dayton, Ohio, USA
Re: Slitheris to parallel VLAN
« Reply #1 on: August 16, 2024, 04:43:11 AM »
Hi David. Thank you very much for the compliments!

We're so sorry for the delay! Our forums are out-of-date. We're working to replace them ASAP and open them up to everyone.

We understand your security concerns. Security is getting tighter.

Our installer should change Windows Firewall rules to explicitly allow/whitelist our EXE. Have you checked if our EXE is in the exception list?

Thank you for being a long-term fan! No comment on CrowdStrike. :)
« Last Edit: August 16, 2024, 04:48:15 AM by Komodo Support »

Davidh

  • Member
  • Posts: 11
Re: Slitheris to parallel VLAN
« Reply #2 on: August 19, 2024, 01:11:01 PM »
Yes, Slitheris does add the rule.
However, what I am trying to do is different.
We, like many companies, use network segmentation. To achieve this, I have a few VLANs and ZTNA tags.
So, let's say my computer is on VLAN1 with IP 192.168.1.100. Not only do I want to scan 192.168.1.0/24, but I would also like to scan the server network with 192.168.2.0/24.
To connect these VLANs I need to make a firewall rule, but I only want to allow the ports necessary.
I do know Slitheris uses ports 445, 139 and 135, and most likely it also scans 443, 22 and 23. But I wanted to see if there is a comprehensive list to make the scan as accurate as possible.
Watching TCP Connections from Resource Monitor, I can see a lot more ports.
At the moment, I have a rule allowing all the ports, which I have to manually enable and disable when I scan. I would just like to have it a bit tighter in case I forget to disable the rule.
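One way to turn what Resource Monitor (or `netstat -n`) shows during a scan into the tight allow-list asked for above, as an added example that is not Komodo's code or part of the original thread. It assumes the Windows `netstat -n` line format and uses the addresses from the post (192.168.1.100 scanning 192.168.2.0/24); the netstat output embedded here is a constructed sample, not a real capture.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample of `netstat -n` on the scanning workstation while a
# scan of the server VLAN is running. Flows to other subnets are included
# on purpose so the filter has something to discard.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.100:52344    192.168.2.10:445       ESTABLISHED
  TCP    192.168.1.100:52345    192.168.2.10:135       ESTABLISHED
  TCP    192.168.1.100:52346    192.168.2.11:139       SYN_SENT
  TCP    192.168.1.100:52347    192.168.2.11:443       ESTABLISHED
  TCP    192.168.1.100:52348    192.168.2.12:22        SYN_SENT
  TCP    192.168.1.100:52349    192.168.2.12:445       ESTABLISHED
  TCP    192.168.1.100:52350    192.168.1.20:445       ESTABLISHED
  TCP    192.168.1.100:52351    10.0.0.5:443           ESTABLISHED
  UDP    192.168.1.100:52352    *:*
"""

# proto, local ip, local port, foreign ip, foreign port, optional state
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+):(\d+)\s*(\S*)\s*$")


def observed_ports(netstat_text, scanner_ip, target_net):
    """Return {proto: sorted destination ports} for flows from the scanner
    host into the target subnet. SYN_SENT rows are kept on purpose: a probe
    the target never answered is still a port the gateway rule must pass."""
    scanner = ipaddress.ip_address(scanner_ip)
    net = ipaddress.ip_network(target_net)
    ports = defaultdict(set)
    for line in netstat_text.splitlines():
        m = LINE_RE.match(line)
        if not m:  # header line, or a wildcard socket such as "*:*"
            continue
        proto, src, _sport, dst, dport, _state = m.groups()
        try:
            if ipaddress.ip_address(src) != scanner or ipaddress.ip_address(dst) not in net:
                continue
        except ValueError:  # non-address tokens (e.g. "[::]") are skipped
            continue
        ports[proto].add(int(dport))
    return {p: sorted(v) for p, v in ports.items()}


def rule_summary(scanner_ip, target_net, ports):
    """Render a vendor-neutral description of the minimal allow rule,
    scoped to the scanner's address rather than the whole source VLAN."""
    return [f"allow {proto} from {scanner_ip} to {target_net} dport in {{{','.join(map(str, plist))}}}"
            for proto, plist in sorted(ports.items())]


if __name__ == "__main__":
    seen = observed_ports(SAMPLE_NETSTAT, "192.168.1.100", "192.168.2.0/24")
    for rule in rule_summary("192.168.1.100", "192.168.2.0/24", seen):
        print(rule)
```

A capture only reflects the ports tried against the devices present that day, so repeat it when new device types appear on the target VLAN; keeping the rule scoped to the scanner's own address limits the exposure if it is left enabled by mistake.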

Komodo Support

  • Administrator
  • Member
  • Posts: 2704
  • Dayton, Ohio, USA
Re: Slitheris to parallel VLAN
« Reply #3 on: September 20, 2024, 04:40:28 AM »
Hi again, so sorry for the delay.

Yes, Slitheris scans far more ports than TCP 445, 139, 135, 443, 22 and 23, depending on the devices being scanned. And then there are UDP ports, such as 161 for SNMP, that it may also check for.

Are these Windows Firewall rules you're having to change? Are you wondering if we can automate enabling and disabling firewall rules during scans?