Penetration Testing mailing list archives

Re: Mapping Class A network ( any easy trick?)


From: alank () starbug net
Date: Tue, 8 Feb 2005 12:01:25 -0800 (PST)

If you are local to the network, start by seeing if any routing protocols
are running that you can sniff.

That will get you started.

If no routing protocols, then try divide and conquer.

Traceroute the /16 or /8 subnets of the class A and try to map out what
the network is set up as. That will give better hints as to what is in
use/not in use.

Query the SOA for the DNS servers; this may give you hints on what
subnets are used for servers, possibly in other regions.

If DNS servers are not locked down, you can axfr the zone and go analyze
the IP addresses contained.

Look for hints to other DNS zones in different regions to harvest.

Alan
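The zone-analysis step of Alan's reply above (axfr the zone, then analyze the IP addresses it contains and look for hints to other zones), as an added example that is not part of the original post. It is Python that parses a constructed dig-style AXFR dump, buckets the A records into the /16 and /24 blocks of the target range, and pulls out delegated child zones as candidates for further harvesting. The zone name example.internal, the 10.0.0.0/8 scope and every host record below are assumptions made up for the example, not real data.

```python
"""Map a target range from the IP addresses found in a DNS zone transfer.

Added example for this thread, not code from the original post. Input is the
text of an AXFR as `dig @server zone AXFR` prints it. The zone data and the
10.0.0.0/8 scope are constructed placeholders for the example.
"""
import ipaddress
import re
from collections import Counter

# Constructed sample zone transfer (assumed data, not a real network).
SAMPLE_AXFR = """\
example.internal.          3600 IN SOA ns1.example.internal. hostmaster.example.internal. 2005020801 7200 900 1209600 3600
example.internal.          3600 IN NS  ns1.example.internal.
example.internal.          3600 IN NS  ns2.emea.example.internal.
ns1.example.internal.      3600 IN A   10.1.0.53
ns2.emea.example.internal. 3600 IN A   10.200.0.53
www.example.internal.      3600 IN A   10.1.20.10
mail.example.internal.     3600 IN A   10.1.20.25
db01.example.internal.     3600 IN A   10.1.21.5
fw-dmz.example.internal.   3600 IN A   10.1.1.1
emea.example.internal.     3600 IN NS  ns2.emea.example.internal.
apac.example.internal.     3600 IN NS  ns1.apac.example.internal.
ns1.apac.example.internal. 3600 IN A   10.150.0.53
vpn.example.internal.      3600 IN A   192.0.2.10
"""

# owner  ttl  IN  type  rdata   (only A and NS records are of interest here)
RR_RE = re.compile(r"^(\S+)\s+\d+\s+IN\s+(A|NS)\s+(\S+)", re.MULTILINE)


def parse_records(axfr_text):
    """Return (a_records, ns_records) as lists of (owner, rdata) tuples."""
    a_records, ns_records = [], []
    for owner, rtype, rdata in RR_RE.findall(axfr_text):
        owner = owner.rstrip(".")
        if rtype == "A":
            a_records.append((owner, rdata))
        else:
            ns_records.append((owner, rdata.rstrip(".")))
    return a_records, ns_records


def subnet_map(a_records, scope="10.0.0.0/8"):
    """Count hosts per /16 and per /24 inside `scope`.

    Returns (per16, per24, outside): two Counters keyed by CIDR string and a
    list of (owner, ip) records that fall outside the scope, which often
    reveal other ranges the organisation owns.
    """
    net = ipaddress.ip_network(scope)
    per16, per24, outside = Counter(), Counter(), []
    for owner, ip_str in a_records:
        ip = ipaddress.ip_address(ip_str)
        if ip not in net:
            outside.append((owner, ip_str))
            continue
        per16[str(ipaddress.ip_network((ip, 16), strict=False))] += 1
        per24[str(ipaddress.ip_network((ip, 24), strict=False))] += 1
    return per16, per24, outside


def zone_hints(ns_records, zone="example.internal"):
    """Delegated child zones: NS owners other than the zone apex."""
    return sorted({owner for owner, _ in ns_records if owner != zone})


def probe_targets(per24):
    """For each populated /24, the likely gateway (.1) and the broadcast.

    Probing these first narrows a divide-and-conquer sweep to blocks that are
    known to be in use instead of pinging the whole class A.
    """
    targets = []
    for cidr in sorted(per24, key=lambda c: ipaddress.ip_network(c)):
        n = ipaddress.ip_network(cidr)
        targets += [str(n.network_address + 1), str(n.broadcast_address)]
    return targets


if __name__ == "__main__":
    a_recs, ns_recs = parse_records(SAMPLE_AXFR)
    per16, per24, outside = subnet_map(a_recs)
    print("populated /16s:", dict(per16))
    print("populated /24s:", dict(per24))
    print("out-of-scope hosts:", outside)
    print("child zones to harvest next:", zone_hints(ns_recs))
    print("first probe targets:", probe_targets(per24))
```

In practice the text fed to parse_records comes from a successful `dig @<server> <zone> AXFR`; when the transfer is refused, the same bucketing still works on A records gathered by other means (reverse lookups, SOA/NS answers, sniffed traffic), and the child zones reported by zone_hints are the next transfer attempts to make.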



I am about to do a penetration test on a “Class A
network” and am wondering how I can map the network
without pinging 17 million IPs (nmap -sP 10.0.0.0/8).

I did some research and the best information I got is
from one of the earlier posts on this
list (http://seclists.org/lists/pen-test/2004/Jul/0067.html).
It was to use broadcast IPs for pings. But it may miss some subnets.

Is that the best way to do it? If not, please advise.


