Penetration Testing mailing list archives

Re: Find out the subnetting of a company


From: Tim <tim-security () sentinelchicken org>
Date: Tue, 20 Jul 2004 18:26:23 -0700

> During an internal black-box penetration test, from a subnet of a company
> (with or without DHCP), how do you find out the structure of the other subnets
> of the network? In particular, how do you determine/discover the subnetting
> of the IP space of a company?

I just ran across this today, while trying to figure out what ICMP
requests I wanted to let through my firewall.

http://www.networksorcery.com/enp/protocol/icmp/msg17.htm

Perhaps doing traceroutes to various IPs, followed by a subnet
request to the routers that show up, would be helpful.  I don't know how
well it is even supported, but it would save you lots of work if it worked.

Needless to say, I didn't allow this one through the ol' firewall... ;-)

tim
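
An added example, not part of the original message: a small detector that picks ICMP Address Mask Request/Reply messages (types 17 and 18, the message the link above describes) out of captured ICMP payloads, so a defender can see which devices answer and what mask they disclose. The capture, addresses and helper names are constructed for the example.

```python
import ipaddress
import struct

MASK_REQUEST, MASK_REPLY = 17, 18  # ICMP Address Mask Request / Reply types

def icmp_checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071); returns 0 over a message whose checksum is valid."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_msg(msg_type: int, ident: int, seq: int, mask: str = "0.0.0.0") -> bytes:
    """Build a constructed 12-byte sample message; used only to create test input."""
    body = struct.pack("!BBHHH4s", msg_type, 0, 0, ident, seq,
                       ipaddress.IPv4Address(mask).packed)
    return body[:2] + struct.pack("!H", icmp_checksum(body)) + body[4:]

def classify(src: str, icmp: bytes):
    """Return a finding for address-mask traffic, or None for anything else."""
    if len(icmp) < 12:
        return None
    msg_type, _code, _csum, _ident, _seq, mask = struct.unpack("!BBHHH4s", icmp[:12])
    if msg_type not in (MASK_REQUEST, MASK_REPLY):
        return None
    if icmp_checksum(icmp) != 0:
        return {"src": src, "kind": "malformed", "prefix": None}
    if msg_type == MASK_REQUEST:
        return {"src": src, "kind": "request", "prefix": None}
    bits = int.from_bytes(mask, "big")
    prefix = bin(bits).count("1")
    contiguous = bits == ((0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF)
    # A reply means this device disclosed its subnet mask to the requester.
    return {"src": src, "kind": "reply", "prefix": prefix if contiguous else None}

def audit(capture):
    """Run classify() over (source address, ICMP bytes) pairs and keep the findings."""
    return [f for f in (classify(s, p) for s, p in capture) if f]

# Constructed sample capture (addresses and values are made up for the example).
_reply = build_msg(MASK_REPLY, 7, 1, "255.255.255.0")
SAMPLE = [
    ("10.0.0.5", build_msg(MASK_REQUEST, 7, 1)),          # request for the mask
    ("10.0.0.1", _reply),                                 # router answers: /24 disclosed
    ("10.0.0.5", build_msg(8, 7, 2)),                     # echo request, ignored
    ("10.0.0.9", _reply[:-1] + bytes([_reply[-1] ^ 1])),  # bad checksum
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Any "reply" finding marks a device that should have address-mask handling disabled or filtered at the firewall.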

