Re: Mapping Class A network ( any easy trick?)

• Previous message: Henderson, Dennis K.: "RE: Mapping Class A network ( any easy trick?)"
• In reply to: Moonen, Ralph: "RE: Mapping Class A network ( any easy trick?)"
• Next in thread: Volker Tanger: "Fw: Re: Mapping Class A network ( any easy trick?)"
• Maybe reply: Volker Tanger: "Fw: Re: Mapping Class A network ( any easy trick?)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Wed, 9 Feb 2005 12:10:24 -0500
To: "Moonen, Ralph" <Moonen.Ralph@kpmg.nl>

> You might also want to manage expectations. Pentesting a full class A,
> even given low population of the network will take you months. I think

It can be done faster.

Once upon a time I built a system with primarily shell/python/perl which
used nmap and nbtscan to scan all RFC1918 addresses in a large company.
With a LOT of timing optimization options, and a very focused set of
ports we were scanning for, we were able to scan this many IPs in 2-3
days. However, we had to distribute the scan across 8 linux machines,
each of which ran 4 scanning threads in parallel. We didn't utilize any
broadcasts, of course.

It is a pain, and I don't recommend doing it unless you have a good
reason, but it can be done with enough effort.

The more recent versions of nmap supposedly has a more efficient
scanning engine. Definately use the newest stuff.

tim

ps- Our scanning network could scan 300+ IPs/sec on average (majority of
IPs didn't have hosts, of course) and during the scan, a few older
firewalls tipped over. Be careful.

• Previous message: Henderson, Dennis K.: "RE: Mapping Class A network ( any easy trick?)"
• In reply to: Moonen, Ralph: "RE: Mapping Class A network ( any easy trick?)"
• Next in thread: Volker Tanger: "Fw: Re: Mapping Class A network ( any easy trick?)"
• Maybe reply: Volker Tanger: "Fw: Re: Mapping Class A network ( any easy trick?)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]