Penetration Testing mailing list archives
Re: Find out the subnetting of a company
From: Tony Carter <tcarter () entrusion com>
Date: Wed, 21 Jul 2004 20:44:56 -0400
ICMP type 18, Address mask reply message is generated in response to an ICMP type 17, Address mask request message.
ICMPush at packetstorm or http://www.angio.net/security/icmpquery.c

-Tony

On Jul 20, 2004, at 12:53 PM, David M. Zendzian wrote:

Isn't there some icmp or ip based packet that can be sent to most devices querying the subnet they are in? I am on vacation with only blackberry and can't google it, but someone out there must be familiar with that??

-----Original Message-----
From: "Dieter Sarrazyn" <dsr () ascure com>
Date: Tue, 20 Jul 2004 08:38:42
To: <il.prof () virgilio it>, <pen-test () securityfocus com>
Subject: RE: Find out the subnetting of a company

Hi,

You can find lots of the subnet structure with ping & traceroute scans already. First, you can use the ping functionality of nmap (nmap -sP) which should give you information about network and broadcast addresses. If you found these parts, you already know how the subnetting is done. With traceroute, you'll find out how these subnets are connected to each other. Of course, if there's a router that has snmp enabled, try to find one of the community strings & dump the routing table of this router...

Hope this helps.

regards,
Dieter

-----Original Message-----
From: il.prof () virgilio it [mailto:il.prof () virgilio it]
Sent: donderdag 15 juli 2004 10:17
To: pen-test () securityfocus com
Subject: Find out the subnetting of a company

During an internal black-box penetration test, from a subnet of a company (with or without DHCP), how do you find out the structure of the other subnets of the network? In particular, how do you determine/discover the subnetting of the IP space of a company?

An example:
- IP network of the company XYZ: 10.0.0.0/8 (I use a private class to avoid the use of a real address space)
- I'm in the subnet 10.0.0.0/24

How do you find out the structure of other subnets that are part of the network 10.0.0.0/8?

Il Prof.

/--------------------------------------\
David M. Zendzian * dmz () dmzs com
(415) 867-7812 - phone
-------------
Imagination is greater than knowledge * Albert Einstein
Every day is a good day, whether you like it or not! *
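A defender-side view of the type 17/18 exchange described in the message above, added here as an example and not part of the original posts: it parses ICMP address mask messages (12-byte layout per RFC 950), verifies the checksum, and flags requests and replies together with the prefix length a reply discloses. The function names and the sample packets are constructed for illustration.

```python
import struct
from ipaddress import IPv4Address

ADDR_MASK_REQUEST, ADDR_MASK_REPLY = 17, 18  # ICMP types named in the thread

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(icmp_type: int, ident: int, seq: int, mask: str = "0.0.0.0") -> bytes:
    """Build a 12-byte ICMP message for the constructed sample data below."""
    body = struct.pack("!HH4s", ident, seq, IPv4Address(mask).packed)
    csum = inet_checksum(struct.pack("!BBH", icmp_type, 0, 0) + body)
    return struct.pack("!BBH", icmp_type, 0, csum) + body

def classify(src: str, icmp: bytes):
    """Return an alert dict for type 17/18 messages, None for other ICMP."""
    if len(icmp) < 4:
        return None
    icmp_type, code = icmp[0], icmp[1]
    if icmp_type not in (ADDR_MASK_REQUEST, ADDR_MASK_REPLY):
        return None
    alert = {"src": src, "type": icmp_type, "valid": False, "prefix": None}
    if len(icmp) != 12 or code != 0 or inet_checksum(icmp) != 0:
        return alert  # malformed: log it, but do not trust the mask field
    alert["valid"] = True
    if icmp_type == ADDR_MASK_REPLY:
        host_bits = ~int.from_bytes(icmp[8:12], "big") & 0xFFFFFFFF
        if host_bits & (host_bits + 1):  # mask is not contiguous ones then zeros
            alert["valid"] = False
        else:
            alert["prefix"] = 32 - host_bits.bit_length()
    return alert

# Constructed sample capture: (source IP, raw ICMP message); not real traffic.
SAMPLE = [
    ("10.0.0.50", build_icmp(ADDR_MASK_REQUEST, 0x1234, 1)),
    ("10.0.0.1", build_icmp(ADDR_MASK_REPLY, 0x1234, 1, "255.255.255.0")),
    ("10.0.0.50", build_icmp(8, 0x1234, 2)),  # echo request, ignored
]

def scan(capture):
    return [a for a in (classify(s, m) for s, m in capture) if a]
```

An alert with a non-null `prefix` means a device answered the request and disclosed its subnet mask, which is the case to chase down or filter at the network edge.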