Penetration Testing mailing list archives

Re: Find out the subnetting of a company


From: "J.A. Terranson" <measl () mfn org>
Date: Tue, 20 Jul 2004 11:22:32 -0500 (CDT)


On Mon, 19 Jul 2004, Miles Stevenson wrote:

Usually, the best way to map out how a chunk of address space has been
subnetted, is by finding out which addresses are used for broadcasting. This
is a trivial task for a tool like nmap, which will notify you when it has
stumbled upon a broadcast address.

Once you have found a broadcast address, you know that you have the "top end"
of a subnet.

Danger Will Robinson!

This is not necessarily so.  Early BSD and BSD derived systems/devices may
also answer to broadcasts on the "lower end".  Historically, the broadcast
was originally designed to *be* the same as the network address, it is
only recently that the last address has become the standard.

There are any number of older, and in some cases (like the Nortel CVX call
concentrators) newer devices answering on both the top and bottom
addresses.

-- 
Yours,

J.A. Terranson
sysadmin () mfn org
0xBD4A95BF

  "...justice is a duty towards those whom you love and those whom you do
  not.  And people's rights will not be harmed if the opponent speaks out
  about them."      Osama Bin Laden
        - - -

  "There ought to be limits to freedom!"    George Bush
        - - -

Which one scares you more?
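
Added example, not part of the original message: a sketch of how an address-plan audit can read broadcast responders under both conventions discussed above (host bits all ones, and the older host bits all zeros) instead of assuming every responder is the "top end". The function names and the 192.0.2.0/24 sample addresses are constructed for illustration.

```python
import ipaddress

def trailing_run(value, bit):
    """Count how many low-order bits of a 32-bit value equal `bit`."""
    n = 0
    while n < 32 and (value >> n) & 1 == bit:
        n += 1
    return n

def interpretations(addr):
    """List every subnet for which addr could be the broadcast address,
    under the all-ones (current) and all-zeros (early BSD) conventions."""
    ip = int(ipaddress.IPv4Address(addr))
    out = {}
    for name, bit in (("all_ones", 1), ("all_zeros", 0)):
        nets = []
        # A host part of h bits (h >= 2) must consist entirely of `bit`.
        for h in range(2, trailing_run(ip, bit) + 1):
            base = ip & ~((1 << h) - 1)
            nets.append(str(ipaddress.IPv4Network((base, 32 - h))))
        out[name] = nets
    return out

def subnet_starts(responders):
    """Turn responders into subnet start addresses without assuming which
    convention each device follows; report addresses neither one explains."""
    starts, unexplained = set(), []
    for addr in responders:
        seen = interpretations(addr)
        ip = ipaddress.IPv4Address(addr)
        if seen["all_ones"] and int(ip) < 0xFFFFFFFF:
            starts.add(ip + 1)      # top of a subnet: the next one begins above it
        elif seen["all_zeros"]:
            starts.add(ip)          # bottom of a subnet: it begins right here
        else:
            unexplained.append(addr)
    return [str(s) for s in sorted(starts)], unexplained

# Constructed sample: addresses that answered a broadcast probe.
SAMPLE = ["192.0.2.63", "192.0.2.64", "192.0.2.127", "192.0.2.130"]

if __name__ == "__main__":
    for a in SAMPLE:
        print(a, interpretations(a))
    print(subnet_starts(SAMPLE))
```

Here 192.0.2.63 and 192.0.2.64 point at the same boundary from opposite sides, and a reading that only accepts "top end" addresses would have no explanation for .64 at all.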

