Penetration Testing mailing list archives
Re: Find out the subnetting of a company
From: "Volker Tanger" <volker.tanger () detewe de>
Date: Wed, 21 Jul 2004 09:20:31 +0200
Hi!
During an internal black-box penetration test, from a subnet of a company (with or without DHCP), how do you find out the structure of the other subnets of the network?
Sometimes it is better/easier to take a purely passive approach. Running ARPWATCH will tell you quite a lot about the (physically attached) networks and devices - especially the hardware vendor IDs (Vendor-IDs Cisco, Nortel etc. are dead giveaways for points of interest). Plainly running TCPDUMP and filtering for NETBIOS broadcasts will tell you quite nicely the network boundaries of networks where Microsoft systems are active.

Bye

Volker Tanger
ITK Security
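An added illustration of the passive approach described in the post above (not part of the original message): it reads tcpdump-style lines, keeps NetBIOS broadcasts on UDP 137/138, and derives the smallest subnet consistent with each directed-broadcast address and the senders seen. The capture lines and function names are constructed for this example, and the result is a lower bound on subnet size, since the real mask may be shorter.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the style of `tcpdump -n` output; not a real capture.
SAMPLE = """\
09:20:31.101 IP 10.1.2.17.138 > 10.1.2.255.138: NBT UDP PACKET(138)
09:20:31.480 IP 10.1.2.40.137 > 10.1.2.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
09:20:32.015 IP 10.1.4.9.138 > 10.1.7.255.138: NBT UDP PACKET(138)
09:20:32.220 IP 10.1.6.200.137 > 10.1.7.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
09:20:33.002 IP 10.1.2.17.137 > 255.255.255.255.137: NBT UDP PACKET(137): QUERY; REQUEST; BROADCAST
09:20:33.500 IP 10.1.2.17.51234 > 10.1.2.1.53: 4242+ A? intranet.example. (34)
"""

LINE = re.compile(r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+):")
NETBIOS_PORTS = {137, 138}  # NetBIOS name service and datagram service
LIMITED_BROADCAST = ipaddress.IPv4Address("255.255.255.255")

def smallest_subnet(broadcast, sources):
    """Smallest network whose broadcast is `broadcast` and that holds every source."""
    for prefix in range(30, 0, -1):
        net = ipaddress.ip_network(f"{broadcast}/{prefix}", strict=False)
        if net.broadcast_address != broadcast:
            return None  # host bits are not all ones: not a broadcast at this size or larger
        if all(src in net for src in sources):
            return net
    return None

def infer_subnets(capture_text):
    """Map each inferred subnet to the senders whose broadcasts revealed it."""
    seen = defaultdict(set)
    for line in capture_text.splitlines():
        m = LINE.search(line)
        if not m or int(m.group(4)) not in NETBIOS_PORTS:
            continue
        src = ipaddress.IPv4Address(m.group(1))
        dst = ipaddress.IPv4Address(m.group(3))
        if dst != LIMITED_BROADCAST:  # 255.255.255.255 carries no mask information
            seen[dst].add(src)
    result = {}
    for dst, sources in seen.items():
        net = smallest_subnet(dst, sources)
        if net is not None:
            result[str(net)] = [str(s) for s in sorted(sources)]
    return result

if __name__ == "__main__":
    print(infer_subnets(SAMPLE))
```

The same output doubles as an inventory of what a segment's broadcast traffic discloses about its addressing to any attached host.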