Penetration Testing mailing list archives

Re: Find out the subnetting of a company


From: Miles Stevenson <miles () mstevenson org>
Date: Tue, 20 Jul 2004 12:34:33 -0400

On Tuesday 20 July 2004 12:22 pm, J.A. Terranson wrote:

> Danger Will Robinson!
>
> This is not necessarily so.  Early BSD and BSD derived systems/devices may
> also answer to broadcasts on the "lower end".  Historically, the broadcast
> was originally designed to *be* the same as the network address, it is
> only recently that the last address has become the standard.
>
> There are any number of older, and in some cases (like the Nortel CVX call
> concentrators) newer devices answering on both the top and bottom
> addresses.

I was not aware of this, but great point! It would be interesting to try out 
some experimentation with some of these older BSD systems and incorporate 
some clever workarounds. If anyone has any VM images of such a case that they 
would like to share (licenses permitting of course) I would love to toy with 
it.

Hmmmm. Perhaps a little more R&D on the topic would be helpful to the infosec 
community (assuming there are still questions on this topic that have yet to 
be answered in a public write-up). It might be worth while to take a look at 
how some of the automated network mapping tools out there handle this. Maybe 
there are some improvements to be made.

Comments/Suggestions? 

-- 
Miles Stevenson
miles () mstevenson org
PGP FP: 035F 7D40 44A9 28FA 7453 BDF4 329F 889D 767D 2F63
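
A defender-side illustration of the point raised in this message, added here as an example and not part of the original post: if some devices answer broadcasts on the network ("lower end") address as well as the last address, monitoring and filtering for broadcast-directed traffic has to treat both addresses of each subnet as broadcast candidates. The subnets and flow tuples below are constructed sample data, and the function names are hypothetical.

```python
import ipaddress

def broadcast_candidates(subnet):
    """Map each address a device on `subnet` may treat as broadcast to a label."""
    net = ipaddress.IPv4Network(subnet)  # raises ValueError if host bits are set
    # /31 point-to-point links (RFC 3021) and /32 host routes have no
    # broadcast address; both of their addresses are ordinary hosts.
    if net.prefixlen >= 31:
        return {}
    return {
        net.broadcast_address: "all-ones broadcast (last address)",
        net.network_address: "all-zeros broadcast (legacy BSD style)",
    }

def classify_destinations(subnets, flows):
    """Return flows whose destination is either broadcast form of a known subnet.

    flows: iterable of (src, dst, proto) string tuples.
    Result: list of (src, dst, proto, subnet, label) tuples, in input order.
    """
    table = {}
    for subnet in subnets:
        for addr, label in broadcast_candidates(subnet).items():
            table[addr] = (subnet, label)
    hits = []
    for src, dst, proto in flows:
        match = table.get(ipaddress.IPv4Address(dst))
        if match:
            hits.append((src, dst, proto, match[0], match[1]))
    return hits

# Constructed sample data (documentation address ranges only).
SUBNETS = ["192.0.2.0/26", "192.0.2.64/26", "198.51.100.8/31"]
FLOWS = [
    ("203.0.113.5", "192.0.2.63", "icmp"),    # last address of the first /26
    ("203.0.113.5", "192.0.2.64", "icmp"),    # network address of the second /26
    ("203.0.113.5", "192.0.2.10", "tcp"),     # ordinary host
    ("203.0.113.5", "198.51.100.8", "icmp"),  # /31 endpoint, an ordinary host
]

if __name__ == "__main__":
    for hit in classify_destinations(SUBNETS, FLOWS):
        print(hit)
```

A check that only looks at the last address of each subnet would miss the second flow, which is the case the quoted text warns about.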

