Re: Mapping Class A network ( any easy trick?)
alank_at_starbug.net
Date: 02/08/05
- Previous message: Ty Bodell: "Re: PDA pen testing question"
- In reply to: John Thomas: "Mapping Class A network ( any easy trick?)"
- Next in thread: Jordan Wiens: "Re: Mapping Class A network ( any easy trick?)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 8 Feb 2005 12:01:25 -0800 (PST) To: pen-test@securityfocus.com
If you are local to the network, start by seeing if any routing protocols
are running that you can sniff.
That will get you started.
If no routing protocols, then try divide and conquer.
Traceroute the /16 or /8 subnets of the class A and try to map out what
the network is setup as. That will give better hints as to what is in
use/not in use.
Query the SOA for the DNS servers, this will may give you hints on what
subnets are used for servers, possibly in other regions.
If DNS servers are not locked down, you can axfr the zone and go analyze
the ip address contained.
Look for hints to other DNS zones in different regions to harvest.
Alan
>
>
> I am about to do a penetration testing on a “Class A
> network” and wondering how I can map the network
> without pinging 17 million IPs.(nmap -Sp 10.0.0.0/8)
>
> I did some research and the best information I got is
> from one of the earlier post on this
> list(http://seclists.org/lists/pen-test/2004/Jul/0067.html)
> . It was to use broadcast IPs for pings. But it may miss some subnets.
>
> Is that the best way to it? If not, please advise
>
- Previous message: Ty Bodell: "Re: PDA pen testing question"
- In reply to: John Thomas: "Mapping Class A network ( any easy trick?)"
- Next in thread: Jordan Wiens: "Re: Mapping Class A network ( any easy trick?)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
