RE: FW: Mapping Class A network ( any easy trick?)

From: Navin Johnson (printerscanner_at_hotmail.com)
Date: 02/08/05

  • Next message: Volker Tanger: "Fw: Re: Mapping Class A network ( any easy trick?)" 
    To: pen-test@securityfocus.com
Date: Tue, 08 Feb 2005 12:09:37 -0600

    Here is how I attack this problem:
    - Use DNS first to get a list of potentially live IPs
      - Try doing a zone transfer to get a list of IPs
      - Try resolving the IPs to hostnames and look for PTR records (perl works
    well for this, Michael Fuhr wrote a script called mresolv.pl that does this)
    - Traceroute to the live IPs to get a list of all the network device IPs
       - If they use a standard like all routers are at .254 or .1 or .100, make
    a list of potential IPs for routers and ping those.
    - Take a listing of all the live addresses you have at this point and break
    them into class C ranges.
    - Ping the class C range

    If you can get access to a router, you can then do a 'show ip route' to see
    if you missed any ranges.

    >-----Original Message-----
    >From: John Thomas [mailto:mjohn2000_99@yahoo.com]
    >Sent: Tuesday, February 08, 2005 11:42 AM
    >To: pen-test@securityfocus.com
    >Subject: Mapping Class A network ( any easy trick?)
    >
    >
    >
    >
    >I am about to do a penetration testing on a "Class A
    >network" and wondering how I can map the network
    >without pinging 17 million IPs.(nmap -Sp 10.0.0.0/8)
    >
    >I did some research and the best information I got is
    >from one of the earlier post on this
    >list(http://seclists.org/lists/pen-test/2004/Jul/0067.html)
    >. It was to use broadcast IPs for pings. But it may miss some subnets.
    >
    >Is that the best way to it? If not, please advise
    >
    >
    >The information contained in this communication and its attachment(s) is
    >intended only for the use of the individual to whom it is addressed and may
    >contain information that is privileged, confidential, or exempt from
    >disclosure. If the reader of this message is not the intended recipient,
    >you are hereby notified that any dissemination, distribution, or copying of
    >this communication is strictly prohibited. If you have received this
    >communication in error, please notify postmaster@owenscorning.com and
    >delete the communication without retaining any copies. Thank you.
    >
    >Translations available: http://www.owenscorning.com/emailfooter.html
    >
    >
    >

  • Next message: Volker Tanger: "Fw: Re: Mapping Class A network ( any easy trick?)"

    Relevant Pages

    • Re: IPS, alternative solutions
      ... I have the impression that some of the alternatives to IPS you mentioned ... Parts of the market have matured (network ... implementations (in-line protocol decoding and blocking/active response ... an often deployed technology at this time is ...
      (Focus-IDS)
    • RE: ASIC Based IPS
      ... IPS performs on each network stream can be done in parallel, ... There are 2 ways to achieve parallelism: ... The benefits of speed come about when you start using ASICs in parallel ...
      (Focus-IDS)
    • NADS ( was RE: IPS comparison)
      ... One thing that does bother me is how IPS has been ... great at the perimeter or other "choke points" in the network. ... NADS gives much of the value of traditional network ... that detection by itself is just not enough. ...
      (Focus-IDS)
    • RE: adding another defence layer against viruses/worms
      ... I believe your looking for a Heuristic IPS, ... I like the solutions ob Boaz, especially network segregation. ... Securing Apache Web Server with thawte Digital Certificate ...
      (Security-Basics)
    • RE: Network hardware IPS
      ... Subject: Network hardware IPS ... > Intrusion Prevention and Traffic Shaping Technology to: ...
      (Focus-IDS)