Penetration Testing mailing list archives

RE: IP Range

From: "Dario N. Ciccarone" <dciccaro () cisco com>
Date: Sat, 31 Aug 2002 04:37:07 -0300

would work if the organization is using BGP and advertising those blocks to
the global Internet. IF the SP is lending them addresses from their own
address space, that is not going to work (SPs advertise the whole block and
then usually use a couple of static routes on the CPE they have installed on
the customer premise). but each and every SP has to declare on an rwhois
server what range it has assigned to each of its customers. so, find the
name of their SP(s) and query their rwhois server.

-----Original Message-----
From: Jason [mailto:security () brvenik com]
Sent: Friday, August 30, 2002 11:41 AM
To: John Madden; pen-test () securityfocus com
Subject: Re: IP Range

One way is you could get the ASN then use some human cycles.

use any of the many public route servers available.

on a cisco you could try

sho ip bgp [dest netblock] <== the last ASN is the target below
sho ip bgp regexp [ASN] <== should show all routes services by that ASN.

and use contact correlation in arin/ripe/apnic whois for netblocks...

John Madden wrote:

Hello,

Where just about to begin a pentest engagement and the
client wants us to know if we can find out how many IP
blocks they have. Is there a way to find out all the
IP blocks of a company ? You've got the usual e-mail
domain name to find at least one but what if they have
2,3 + IP blocks ?

Any ideas ?

thanks

__________________________________________________
Do You Yahoo!?
Yahoo! Finance - Get real-time stock quotes
http://finance.yahoo.com

------------------------------------------------------------------
----------

This list is provided by the SecurityFocus Security

Intelligence Alert (SIA)

Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities

please see:

https://alerts.securityfocus.com/




------------------------------------------------------------------
----------
This list is provided by the SecurityFocus Security Intelligence
Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities
please see:
https://alerts.securityfocus.com/



----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

Current thread:

Re: IP Range Matthew Leeds (Sep 02)
- <Possible follow-ups>
- RE: IP Range Dario N. Ciccarone (Sep 02)
- Re: IP Range planz (Sep 03)
- Re: IP Range Earl Robinson (Sep 05)
- Re: IP Range sunzi (Sep 05)
  - Re: IP Range Greg Owen (Sep 09)