(5) DHCP Logs Server Config Files

Question 1

How are DHCP logs useful in passive reconnaissance?

Answer 1

DHCP logs are useful in passive reconnaissance because one can ID many hosts on a network.

One can combine DHCP logs with firewall logs to figure out which hosts are provided with dynamic IP addresses and what hosts are using static IPs.

Question 2

Where are DHCP logs found in Linux?

Answer 2

DHCP logs are normally found in Linux in the /var/log/dhcp.log or by using journalctl to view the logs, depending on distribution

Question 3

What do router and firewall configuration files normally contain?

Answer 3

Router and firewall configuration files normally contain information about successful and blocked connections

Question 4

What is important to remember about firewall and router configuration files?

Answer 4

Router and firewall configuration files are very useful in that they can be clearly read to understand how systems interact with the firewall

Question 5

What do firewall logs do for penetration testers?

Answer 5

Firewall logs allow pentesters to reverse engineer firewall rules based on the logs’ contents. Log files provide a good view of how traffic flows.

Firewall logs normally have a vendor specific firewall even log format that provides information based on the vendor’s logging standards

Question 6

Even though organizations use a wide variety of firewalls, there is one similarity amongst them all, what is it?

Answer 6

All firewalls provide a date/time stamp and details of the event in an understandable format

Question 7

What do we need to remember about log file, what they contain, and their ease of access?

Answer 7

Log files provide information about systems, configurations, what apps are running on them, which user accounts are within the infrastructure, etc. but normally aren’t that easy to access because they are kept secure unless one is able to get admin access