Penetration Testing: Re: Find out the subnetting of a company

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Penetration Testing mailing list archives

Re: Find out the subnetting of a company

From: Tim <tim-security () sentinelchicken org>
Date: Tue, 20 Jul 2004 18:26:23 -0700

During an internal black-box penetration test, from a subnet of a company
(with or without DHCP), how do you find out the structure of the other subnets
of network? In particular, how do you determine/discover the subnetting
of the IP space of a company?


I just ran across this today, while trying to figure out what ICMP
requests I wanted to let through my firewall.

http://www.networksorcery.com/enp/protocol/icmp/msg17.htm

Perhaps by doing traceroutes to various IPs, followed by a subnet
request to the routers that show up would be helpful.  I don't know how
well it is even supported, but would save you lots of work if it worked.

Needless to say, I didn't allow this one through the ol' firewall... ;-)

tim

By Date By Thread

Current thread:

Re: Find out the subnetting of a company, (continued)
- Re: Find out the subnetting of a company Miles Stevenson (Jul 20)
  - Re: Find out the subnetting of a company J.A. Terranson (Jul 20)
    - Re: Find out the subnetting of a company Miles Stevenson (Jul 20)
  - Re: Find out the subnetting of a company Andy Cuff (Jul 21)
- RE: Find out the subnetting of a company easternerd (Jul 21)
- Re: Find out the subnetting of a company Tim (Jul 21)
- RE: Find out the subnetting of a company Dieter Sarrazyn (Jul 20)
  - Re: Find out the subnetting of a company Volker Tanger (Jul 21)
  - RE: Find out the subnetting of a company Rob J Meijer (Jul 21)
- Re: Find out the subnetting of a company David M. Zendzian (Jul 21)
  - Re: Find out the subnetting of a company Tony Carter (Jul 22)