RE: Find out the subnetting of a company

From: Dieter Sarrazyn (dsr_at_ascure.com)
Date: 07/20/04

  • Next message: Miles Stevenson: "Re: Find out the subnetting of a company"
    Date: Tue, 20 Jul 2004 08:38:42 +0200
    To: <il.prof@virgilio.it>, <pen-test@securityfocus.com>
    
    

    Hi,

    You can find lots of the subnet structure with ping & traceroute scans
    already. First, you can use the ping functionality of nmap (nmap -sP)
    which should give you information about network and broadcast addresses.
    If you found these parts, you already know how the subnetting is done.
    With traceroute, you'll find out how these subnets are connected to
    each other.

    Of course, if there's a router that has SNMP enabled, try to find one of
    the community strings & dump the routing table of this router...

    Hope this helps.

    regards,
    Dieter

    > -----Original Message-----
    > From: il.prof@virgilio.it [mailto:il.prof@virgilio.it]
    > Sent: Thursday 15 July 2004 10:17
    > To: pen-test@securityfocus.com
    > Subject: Find out the subnetting of a company
    >
    > During an internal black-box penetration test, from a subnet
    > of a company (with or without DHCP), how do you find out the
    > structure of the other subnets of network? In particular, how
    > do you determine/discover the subnetting of the IP space of a company?
    >
    > An example:
    >
    > - IP network of the company XYZ: 10.0.0.0/8 (I use a private
    > class to avoid the use of a real address space)
    > - I'm in the subnet 10.0.0.0/24
    >
    > How do you find out the structure of other subnets that are
    > part of the network 10.0.0.0/8?
    >
    > Il Prof.
    >
    >
    >
    >
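
The step "if you found these parts, you already know how the subnetting is done" worked through as an added example (not part of the original message): a network/broadcast address pair fixes the prefix length, provided the range is a power of two in size and aligned on its own boundary. The function names and the address pairs are constructed for illustration, using the 10.0.0.0/8 space from the question.

```python
import ipaddress

def subnet_from_boundaries(network_addr, broadcast_addr):
    """Derive the subnet from its observed network and broadcast addresses.

    Raises ValueError when the pair cannot delimit a single CIDR block.
    """
    first = ipaddress.IPv4Address(network_addr)
    last = ipaddress.IPv4Address(broadcast_addr)
    if last <= first:
        raise ValueError(f"{last} is not above {first}")
    size = int(last) - int(first) + 1
    # A subnet always holds 2^n addresses.
    if size & (size - 1):
        raise ValueError(f"{first}-{last}: {size} addresses is not a power of two")
    prefix = 32 - (size.bit_length() - 1)
    # The first address must also sit on a boundary of that prefix length.
    net = ipaddress.IPv4Network((first, prefix), strict=False)
    if net.network_address != first:
        raise ValueError(f"{first} is not aligned on a /{prefix} boundary")
    return net

def infer_subnets(pairs):
    """Return (sorted list of subnets, list of rejected pairs with reason)."""
    subnets, rejected = [], []
    for first, last in pairs:
        try:
            subnets.append(subnet_from_boundaries(first, last))
        except ValueError as exc:
            rejected.append((first, last, str(exc)))
    return sorted(subnets), rejected

# Constructed sample observations: (network address, broadcast address).
OBSERVED = [
    ("10.0.4.0", "10.0.7.255"),
    ("10.0.0.0", "10.0.0.255"),
    ("10.0.16.0", "10.0.16.63"),
    ("10.0.1.0", "10.0.2.255"),   # 512 addresses, but not aligned for a /23
    ("10.0.8.0", "10.0.10.255"),  # 768 addresses, not a power of two
]

if __name__ == "__main__":
    subnets, rejected = infer_subnets(OBSERVED)
    for net in subnets:
        print(net, "netmask", net.netmask)
    for first, last, reason in rejected:
        print("rejected:", reason)
```

A rejected pair usually means the two addresses belong to different subnets or one of them was misidentified, so the observation needs rechecking before it goes into the network map.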

