Penetration Testing
mailing list archives
RE: Find out the subnetting of a company
From: "Dieter Sarrazyn" <dsr () ascure com>
Date: Tue, 20 Jul 2004 08:38:42 +0200
Hi,
You can find lots of the subnet structure with ping & traceroute scans
already. First, you can use the ping functionality of nmap (nmap -sP)
which should give you information about network and broadcast addresses.
If you found these parts, you already know how the subnetting is done.
With traceroute, you'll find out how these subnets are connected to
each other.
Of course, if there's a router that has snmp enabled, try to find one of
the community strings & dump the routing table of this router...
Hope this helps.
regards,
Dieter
-----Original Message-----
From: il.prof () virgilio it [mailto:il.prof () virgilio it]
Sent: Thursday 15 July 2004 10:17
To: pen-test () securityfocus com
Subject: Find out the subnetting of a company
During an internal black-box penetration test, from a subnet
of a company (with or without DHCP), how do you find out the
structure of the other subnets of the network? In particular, how
do you determine/discover the subnetting of the IP space of a company?
An example:
- IP network of the company XYZ: 10.0.0.0/8 (I use a private
class to avoid the use of a real address space)
- I'm in the subnet 10.0.0.0/24
How do you find out the structure of other subnets that are
part of the network 10.0.0.0/8?
Il Prof.
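
The arithmetic behind the remark that knowing a subnet's network and broadcast addresses tells you how the subnetting is done, as an added example that is not part of the original messages. The function names and the address pairs (taken from the 10.0.0.0/8 example space in the question) are constructed for illustration; the same check is useful for validating a documented addressing plan.

```python
import ipaddress

def subnet_from_bounds(network_addr, broadcast_addr):
    """Return the IPv4Network bounded by the given network and broadcast
    addresses; raise ValueError if the pair cannot bound one CIDR block."""
    lo = int(ipaddress.IPv4Address(network_addr))
    hi = int(ipaddress.IPv4Address(broadcast_addr))
    size = hi - lo + 1
    # /31 and /32 have no separate network and broadcast address.
    if size < 4:
        raise ValueError("range too small to have network and broadcast addresses")
    # A CIDR block always holds a power-of-two number of addresses ...
    if size & (size - 1):
        raise ValueError(f"{size} addresses is not a power of two")
    # ... and starts on a multiple of its own size.
    if lo % size:
        raise ValueError(f"{network_addr} is not aligned to a block of {size}")
    prefix = 32 - (size.bit_length() - 1)
    return ipaddress.IPv4Network((lo, prefix))

def describe(pairs):
    """Map each (network, broadcast) pair to its CIDR string, or to the
    reason the pair is inconsistent."""
    result = {}
    for net, bcast in pairs:
        try:
            result[(net, bcast)] = str(subnet_from_bounds(net, bcast))
        except ValueError as exc:
            result[(net, bcast)] = f"inconsistent: {exc}"
    return result

# Constructed sample pairs; the last two are deliberately inconsistent.
SAMPLE = [
    ("10.0.0.0", "10.0.0.255"),    # 256 addresses
    ("10.0.1.128", "10.0.1.191"),  # 64 addresses
    ("10.0.4.0", "10.0.7.255"),    # 1024 addresses
    ("10.0.2.64", "10.0.2.255"),   # 192 addresses: not a power of two
    ("10.0.3.64", "10.0.3.191"),   # 128 addresses, but misaligned start
]

if __name__ == "__main__":
    for pair, verdict in describe(SAMPLE).items():
        print(pair, "->", verdict)
```

A pair reported as inconsistent means the two addresses do not belong to the same subnet, or one of them was misidentified.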