RE: Mapping Class A network ( any easy trick?)

• Previous message: Jordan Wiens: "Re: Mapping Class A network ( any easy trick?)"
• Maybe in reply to: John Thomas: "Mapping Class A network ( any easy trick?)"
• Next in thread: Tim: "Re: Mapping Class A network ( any easy trick?)"
• Reply: Tim: "Re: Mapping Class A network ( any easy trick?)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 8 Feb 2005 21:13:23 +0100
To: "John Thomas" <mjohn2000_99@yahoo.com>, <pen-test@securityfocus.com>

Hi,

What is the problem with 17 million pings? If you turn of DNS resolution
it will be quite fast, even on a 10 mbit LAN. Don't use broadcast pings:
you don't know where the subnet boundaries are and therefore won't be
able to know the broadcast addresses. If it really is a /8 network (i.e.
flat, which I doubt) then you could use broadcast pings, but please note
that:
A: not all devices that respond to ping respond to broadcast ping
B: you will miss replies due to the fact that many devices will answer
simultanesouly

You might also want to manage expectations. Pentesting a full class A,
even given low population of the network will take you months. I think
what you really want to do is a vulnerability scan. Just that part,
running nmap and nessus on a full class A will keep you busy for a while
:-) Just make sure the client is aware that not all IP's on his class A
will be hit.

--Ralph
 

-----Original Message-----
From: John Thomas [mailto:mjohn2000_99@yahoo.com]
Sent: 08 February 2005 17:42
To: pen-test@securityfocus.com
Subject: Mapping Class A network ( any easy trick?)

--- Virus checked / op virussen gecontroleerd ---

I am about to do a penetration testing on a "Class A network" and
wondering how I can map the network without pinging 17 million IPs.(nmap
-Sp 10.0.0.0/8)

I did some research and the best information I got is from one of the
earlier post on this
list(http://seclists.org/lists/pen-test/2004/Jul/0067.html)
. It was to use broadcast IPs for pings. But it may miss some subnets.

Is that the best way to it? If not, please advise

--------------------------------------------------------------------------------------------------------------------------------------------
De informatie verzonden met dit e-mailbericht (en bijlagen) is uitsluitend bestemd voor de geadresseerde(n) en zij die van de geadresseerde(n) toestemming hebben dit bericht te lezen. Gebruik door anderen dan geadresseerde(n) is verboden. De informatie in dit e-mailbericht (en de bijlagen) kan vertrouwelijk van aard zijn en kan binnen het bereik vallen van een geheimhoudingsplicht.
KPMG is niet aansprakelijk voor schade ten gevolge van het gebruik van elektronische middelen van communicatie, daaronder begrepen -maar niet beperkt tot- schade ten gevolge van niet aflevering of vertraging bij de aflevering van elektronische berichten, onderschepping of manipulatie van elektronische berichten door derden of door programmatuur/apparatuur gebruikt voor elektronische communicatie en overbrenging van virussen en andere kwaadaardige programmatuur.

Any information transmitted by means of this e-mail (and any of its attachments) is intended exclusively for the addressee or addressees and for those authorized by the addressee or addressees to read this message. Any use by a party other than the addressee or addressees is prohibited. The information contained in this e-mail (or any of its attachments) may be confidential in nature and fall under a duty of non-disclosure.
KPMG shall not be liable for damages resulting from the use of electronic means of communication, including -but not limited to- damages resulting from failure or delay in delivery of electronic communications, interception or manipulation of electronic communications by third parties or by computer programs used for electronic communications and transmission of viruses and other malicious code.

--------------------------------------------------------------------------------------------------------------------------------------------

• Previous message: Jordan Wiens: "Re: Mapping Class A network ( any easy trick?)"
• Maybe in reply to: John Thomas: "Mapping Class A network ( any easy trick?)"
• Next in thread: Tim: "Re: Mapping Class A network ( any easy trick?)"
• Reply: Tim: "Re: Mapping Class A network ( any easy trick?)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages RE: ICMP (Ping) ... To go straight to running a vuln scan against a box that isn't up ... Not seemingly from all the replies that I have seen. ... dictates that most do that and that is why many people block pings. ... - Precisely Define and Implement Network Security ... (Security-Basics) Re: NLB Cluster - Ping fails or long time to reply from outside local subnet ... Using Network Monitor I see the pings being received and replies being sent ... Windows Server 2008 Readiness Team ... administered address is being set correctly on the cluster adapter. ... (microsoft.public.windows.server.clustering) Re: 192.168.x.x oddities ... When I went to the server to see if I could connect to a share on the ... I run a small network at home, using a wireless router to connect to a ... and unrouteable on the Internet. ... Am I therefore correct in my assumption that the ISP is routing my pings ... (Security-Basics) Two routers, same configuration, different result ... We plan to retire the box acting as our network router and merge ... Pings from the internal network to the router's internal address work. ... iface lo inet loopback ... (comp.os.linux.networking) Re: Linux nukes my network hardware? ... so the network was not brought up. ... > couple of pings. ... > was still fine so I decided to start Debian again and was immediately ... > date kernel that I configured myself, the broken system uses Debian's ... (Debian-User)