Home page logo
/

pen-test logo Penetration Testing mailing list archives

RE: Discovering network subnets
From: "Timothy Dillman" <info () globaldataconsulting com>
Date: Sun, 21 Aug 2005 11:20:48 -0500

 
Hannibal,

What indication do you have that the X.X.X.0/24 is a host address?  Does it
fall between 2-254?  The output you shared only tells us how the network is
subnetted.

Also, classful addressing was done away with several years ago.  The class
A, B, C, etc.. hiearchy was replaced with something called Classless
Inter-Domain Routing (CIDR).  CIDR allows subneting bit by bit rather than
by full octet blocks.  

If your output lists an IP address followed by a slash twenty-four (/24)
your subnet mask is 255.255.255.0.  Assuming the network isn't further
subnetted within the /24, your network address will be X.X.X.1 and your
broadcast address will be X.X.X.255 leaving X.X.X.2-254 as valid host
addresses.  X.X.X.0/24 is the merely the address range you are dealing with.

Good Luck,
Tim Dillman - CCE, CCNA
Global Data Consulting, LLC
9901 N. Hedges Ave.
Kansas City, MO. 64157
o:(816)841-2511
c:(816)519-2366
f:(816)841-2598
info () globaldataconsulting com


-----Original Message-----
From: Payton, Zack [mailto:Zack.Payton () MWAA com] 
Sent: Saturday, August 20, 2005 5:35 PM
To: hannibal blog; pen-test () securityfocus com
Subject: RE: Discovering network subnets

Most likely it's not a /24 but some kind of larger network like a /23 for
example.

For example:
10.0.0.0/23 ranges from 10.0.0.0 - 10.0.1.255 making 10.0.1.0 a completely
valid address.

As far as figuring out the topology map where are you in relation to the
network?
If you're on the broadcast domain use DHCP or a sniffer to listen for
broadcast packets.
If not... See if you can query network devices using SNMP... It's pretty
trivial to figure out packet signatures for cisco and Juniper routers and
then brute force SNMP.  Using DHCP relay sometimes works.  ICMP Address mask
requests if they're not behind a firewall which they don't
appear to be if X windows is exposed to the internet.   If it's not a
private network just use traceroute.orgs route servers.... If you're in the
same AS it may be possible to for a routing adjacency with the IGP using
FX's virtual router attack kit...

Who knows?
Z
 

-----Original Message-----
From: hannibal blog [mailto:hannibalsec () gmail com]
Sent: Saturday, August 20, 2005 7:07 AM
To: pen-test () securityfocus com
Subject: Discovering network subnets

hello list

I'm actually doing a blackbox audit of a network, and I'm trying to discover
network architecture.

I got this output with nmap X.X.X.0/24

interresting ports on X.X.X.0
68/tcp
723/tcp
6000/tcp

I'm not sure the network is a C class one, but I'm surprised that such an ip
adress is an host IP.
What do u think ?
Any idea to guess network adressing map ?

------------------------------------------------------------------------
------
FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You Don't

Learn the hacker's secrets that compromise wireless LANs. Secure your WLAN
by understanding these threats, available hacking tools and proven
countermeasures. Defend your WLAN against man-in-the-Middle attacks and
session hijacking, denial-of-service, rogue access points, identity thefts
and MAC spoofing. Request your complimentary white paper at:

http://www.securityfocus.com/sponsor/AirDefense_pen-test_050801
------------------------------------------------------------------------
-------


----------------------------------------------------------------------------
--
FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You Don't

Learn the hacker's secrets that compromise wireless LANs. Secure your WLAN
by understanding these threats, available hacking tools and proven
countermeasures. Defend your WLAN against man-in-the-Middle attacks and
session hijacking, denial-of-service, rogue access points, identity thefts
and MAC spoofing. Request your complimentary white paper at:

http://www.securityfocus.com/sponsor/AirDefense_pen-test_050801
----------------------------------------------------------------------------
---

Attachment: Timothy J Dillman.vcf
Description:

------------------------------------------------------------------------------
FREE WHITE PAPER - Wireless LAN Security: What Hackers Know That You Don't

Learn the hacker's secrets that compromise wireless LANs. Secure your
WLAN by understanding these threats, available hacking tools and proven
countermeasures. Defend your WLAN against man-in-the-Middle attacks and
session hijacking, denial-of-service, rogue access points, identity
thefts and MAC spoofing. Request your complimentary white paper at:

http://www.securityfocus.com/sponsor/AirDefense_pen-test_050801
-------------------------------------------------------------------------------

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault