Penetration Testing mailing list archives
RE: Blind penetration testing
From: "Jim Becher" <jim () becher net>
Date: Tue, 2 Oct 2001 22:07:43 -0500
Two suggestions: 1) One thing I have found useful in identifying address blocks is (in the US) ARIN. If you do a whois at the ARIN site for the company name, it will tell you what address space has been SWIP'd out to them. 2) Also, if they have an Autonomous System Number, and are running BGP -- that is another way to find out address space, who their providers are, etc. Telnet into route-views.oregon-ix.net (no username/password needed), and do a "show ip bgp | in <AS #>. HTH -bech -----Original Message----- From: Trey Mujakporue [mailto:tmujak () lucent com] Sent: Tuesday, October 02, 2001 9:50 AM To: Pen-Test Subject: Blind penetration testing Im about to start work on a completely blind penetraton test for a client. The only information i have been given is the company name. From this i can get their corporate web site and from there do a DIG for more company info and address ranges after which i can start my reconnaissance. Question, can anyone out there offer any tips based on this scenario? #include <signature.h> ://Trey Atarhe Mujakporue ://tmujak () ins com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- Blind penetration testing Trey Mujakporue (Oct 02)
- Re: Blind penetration testing Meritt James (Oct 04)
- RE: Blind penetration testing Jim Becher (Oct 04)
- <Possible follow-ups>
- RE: Blind penetration testing Sanchez, Scott (Oct 04)
- Re: Blind penetration testing hofmemi (Oct 04)
- Re: Blind penetration testing Ilici Ramirez (Oct 04)
- Re: Blind penetration testing Andrew Simmons (Oct 04)
- RE: Blind penetration testing Grab Raham (Oct 04)