Fw: Re: Mapping Class A network ( any easy trick?)

From: Volker Tanger (vtlists_at_wyae.de)
Date: 02/09/05

    Date: Wed, 9 Feb 2005 00:01:50 +0100
    To: pen-test@securityfocus.com
    
    

    Greetings!

    On 8 Feb 2005 16:41:33 -0000
    John Thomas <mjohn2000_99@yahoo.com> wrote:
    >
    > I am about to do a penetration test on a “Class A
    > network” and wondering how I can map the network
    > without pinging 17 million IPs. (nmap -sP 10.0.0.0/8)

    If you assume that such a "big" net is generously divided into class-C
    (or bigger) networks, then it should be sufficient to ping the usual
    suspects: .1 and .254 - where usually routers have their base within the
    net. If you want you could add a class-C broadcast just to make sure.

    With this you save a factor of 100 off your share and usually find out
    populated subnets of the class-A one. Then proceed with fine-grained
    inspection of the class-C ones found.

    Beware: this only works on the assumption that "border" addresses are
    usually populated - which may not always hold true.

    A full class-A pingrun will take the better half of a year if done
    one per second, two days if done 100 per second, etc.

    A 10Mbit/s line will max out somewhere below 10.000 pings per second, or
    100k resp. 1M-Pings on 100Mbit/1Gbit LANs. So if you (are allowed to)
    saturate the LAN you might theoretically be able to scan the net within 20
    seconds or a few minutes. Theoretically.

    In practice that probably will be a few hours on a LAN-only net. This is
    do-able but will quite probably not go undetected even if there is no
    IDS running, especially not via (usually) congested WAN lines.

    Another option (more time-consuming yet way less intrusive) is to let
    ARPWATCH run and map the addresses in action - only within the local
    network, that is.

    The choice depends on whether you want to save time or publicity...
    ;-)

    Bye
            Volker

    -- 
    Volker Tanger    http://www.wyae.de/volker.tanger/
    --------------------------------------------------
    vtlists@wyae.de                    PGP Fingerprint
    378A 7DA7 4F20 C2F3 5BCC  8340 7424 6122 BB83 B8CB
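
Added example, not part of the original message: a defender-side check for the probing pattern described above, where one source pings only .1, .254 and the /24 broadcast across many subnets. The "src dst" log format, the thresholds and the function names are assumptions made for this illustration, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict

BORDER_HOSTS = {1, 254, 255}  # .1, .254 and the /24 broadcast named in the post

def build_sample():
    """Constructed sample of ICMP echo-request records, one 'src dst' pair per line."""
    lines = []
    for third in range(40):          # 10.9.9.9 probes only border addresses in 40 /24s
        lines.append(f"10.9.9.9 10.20.{third}.1")
        lines.append(f"10.9.9.9 10.20.{third}.254")
    for host in range(2, 60):        # monitoring host pinging many hosts in one /24
        lines.append(f"10.1.1.50 10.1.1.{host}")
    for third in range(3):           # a few gateway pings, well below the threshold
        lines.append(f"10.3.3.3 10.30.{third}.1")
    return lines

def detect_border_sweep(lines, min_subnets=16, min_border_ratio=0.9):
    """Return {src: (subnet_count, border_ratio)} for sources whose probes hit
    many distinct /24s and land almost only on border addresses."""
    subnets = defaultdict(set)
    total = defaultdict(int)
    border = defaultdict(int)
    for line in lines:
        parts = line.split()
        if len(parts) != 2:
            continue                 # skip malformed records
        try:
            src = ipaddress.IPv4Address(parts[0])
            dst = ipaddress.IPv4Address(parts[1])
        except ipaddress.AddressValueError:
            continue
        key = str(src)
        subnets[key].add(ipaddress.ip_network(f"{dst}/24", strict=False))
        total[key] += 1
        if (int(dst) & 0xFF) in BORDER_HOSTS:
            border[key] += 1
    hits = {}
    for src, nets in subnets.items():
        ratio = border[src] / total[src]
        if len(nets) >= min_subnets and ratio >= min_border_ratio:
            hits[src] = (len(nets), ratio)
    return hits

if __name__ == "__main__":
    for src, (count, ratio) in detect_border_sweep(build_sample()).items():
        print(f"{src}: {count} /24s probed, {ratio:.0%} of probes at border addresses")
```

The subnet-count threshold separates this pattern from a monitoring host that pings many addresses inside a single /24, which the ratio alone would not do for gateway health checks.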
    
