Re: Find out the subnetting of a company

From: David M. Zendzian (dmz_at_dmzs.com)
Date: 07/21/04

  • Next message: Tony Carter: "Re: Find out the subnetting of a company"
    Date: Wed, 21 Jul 2004 16:58:15 -0400
    To: volker.tanger@detewe.de
    To: pen-test@securityfocus.com
    
    

    Ok, after a little searching I did find the info I mentioned the other day.

    ICMP can send a host mask request. For example, using sing:
      sing -mask -c 1 IPADDR

    Check out http://www.whitehats.ca/main/publications/external_pubs/icmp_usage/icmp_usage.html

    David
    -----Original Message-----
    From: "Volker Tanger" <volker.tanger@detewe.de>
    Date: Wed, 21 Jul 2004 09:20:31
    To:pen-test@securityfocus.com
    Subject: Re: Find out the subnetting of a company

    Hi!

    > > During an internal black-box penetration test, from a subnet
    > > of a company (with or without DHCP), how do you find out the
    > > structure of the other subnets of network?

    Sometimes it is better/easier to take a purely passive approach.

    Running ARPWATCH will tell you quite a lot about the (physically
    attached) networks and devices - especially the hardware vendor IDs
    (Vendor-IDs Cisco, Nortel etc. are dead giveaways for points of
    interest).

    Plainly running TCPDUMP and filtering for NETBIOS broadcasts will tell
    you quite nicely network boundaries of networks where Microsoft systems
    are active.

    Bye

    Volker Tanger
    ITK Security

    /--------------------------------------\
     David M. Zendzian * dmz@dmzs.com
     (415) 867-7812 - phone
      -------------
      Imagination is greater than knowledge * Albert Einstein
     Every day is a good day, whether you like it or not! *
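
A defender-side view of the ICMP address mask exchange mentioned in the message above (RFC 950, type 17 request and type 18 reply), as an added example that is not part of the original post: it parses an ICMP message, verifies its checksum and reports the mask a reply discloses. The function names and the sample packets are constructed for illustration.

```python
import socket
import struct

MASK_REQUEST, MASK_REPLY = 17, 18  # ICMP message types defined in RFC 950


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_mask_message(icmp_type: int, ident: int, seq: int, mask: str = "0.0.0.0") -> bytes:
    """Constructed sample data: type, code 0, checksum, id, sequence, 32-bit mask."""
    body = struct.pack("!HH4s", ident, seq, socket.inet_aton(mask))
    csum = inet_checksum(struct.pack("!BBH", icmp_type, 0, 0) + body)
    return struct.pack("!BBH", icmp_type, 0, csum) + body


def classify(icmp: bytes):
    """Return a finding for address mask traffic, or None for any other ICMP message."""
    if len(icmp) < 12:
        return None
    icmp_type, code, _csum, ident, seq, raw_mask = struct.unpack("!BBHHH4s", icmp[:12])
    if icmp_type not in (MASK_REQUEST, MASK_REPLY):
        return None
    finding = {
        "kind": "request" if icmp_type == MASK_REQUEST else "reply",
        "id": ident,
        "seq": seq,
        # A valid message sums to zero when the checksum field is included.
        "valid": code == 0 and inet_checksum(icmp) == 0,
    }
    if icmp_type == MASK_REPLY:
        # A reply tells the sender the responder's subnet mask.
        m = int.from_bytes(raw_mask, "big")
        inv = ~m & 0xFFFFFFFF
        contiguous = (inv & (inv + 1)) == 0  # ones followed only by zeros
        finding["mask"] = socket.inet_ntoa(raw_mask)
        finding["prefixlen"] = bin(m).count("1") if contiguous else None
    return finding
```

Hosts that have no reason to answer type 17 can be confirmed silent by feeding captured ICMP payloads to `classify` and alerting on any `reply` finding.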

