The recent discussion about finding useful penetration tools got me to thinking.
As I understand it penetration tests against non-routable networks, that is networks behind a firewall that use a single IP address,(usually the Firewall external address), are of a questionable valuable. There really isn't any way to attack internal hosts if you can't route to them? Correct?
You really need an internal agent to initiate the connections. Is this correct?
What sort of tools or methods are available to tests vulnerabilities? Should I just try outbound tests and see what's available?
Of course I do realize that you can try to penetrate the Firewall itself but I think that is generally pretty easy to test.
I am not saying that non-routable networks are inherently secure merely that pen test tools have limited usefullness against them.
The reason I am asking this is because I am being asked to provide test results from a penetration test to provide to a auditor, who appears to have the ulterior motive of selling us their pen test services. I really don't want their services and would much prefer we use that money on other security related stuff.
