Penetration Testing mailing list archives

Re: Mapping Class A network ( any easy trick?)


From: Tim <tim-pentest () sentinelchicken org>
Date: Wed, 9 Feb 2005 12:10:24 -0500

> You might also want to manage expectations. Pentesting a full class A,
> even given low population of the network will take you months. I think

It can be done faster.

Once upon a time I built a system with primarily shell/python/perl which
used nmap and nbtscan to scan all RFC1918 addresses in a large company.
With a LOT of timing optimization options, and a very focused set of
ports we were scanning for, we were able to scan this many IPs in 2-3
days.  However, we had to distribute the scan across 8 linux machines,
each of which ran 4 scanning threads in parallel.  We didn't utilize any
broadcasts, of course.

It is a pain, and I don't recommend doing it unless you have a good
reason, but it can be done with enough effort.

The more recent versions of nmap supposedly have a more efficient
scanning engine.  Definitely use the newest stuff.

tim

ps- Our scanning network could scan 300+ IPs/sec on average (majority of
IPs didn't have hosts, of course) and during the scan, a few older
firewalls tipped over.  Be careful.
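The work-splitting Tim describes (all RFC1918 space spread across 8 hosts running 4 scanner threads each) can be planned ahead of time; the following is an added example, not Tim's tooling, that partitions the three RFC1918 blocks into 32 round-robin work units of /16 chunks, renders each unit as an nmap target spec, and estimates wall time from a measured aggregate rate so the scan can be paced below what older firewalls will tolerate. The 300 IPs/sec figure and the 8x4 layout are taken from the post; everything else is assumed.

```python
import ipaddress
from typing import List

# RFC 1918 private blocks (constructed input: the reserved ranges, not a
# real network inventory).
RFC1918 = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# Assumed layout from the post: 8 scanner hosts x 4 threads each.
HOSTS, THREADS = 8, 4


def total_addresses(networks) -> int:
    """Number of addresses covered by the given networks."""
    return sum(n.num_addresses for n in networks)


def split_work(networks, units: int,
               chunk_prefix: int = 16) -> List[List[ipaddress.IPv4Network]]:
    """Cut each network into /chunk_prefix pieces and deal them round-robin
    into `units` work lists, so every host/thread gets a near-equal share.
    Networks already smaller than the chunk size are kept whole."""
    chunks = []
    for net in networks:
        if net.prefixlen > chunk_prefix:
            chunks.append(net)
        else:
            chunks.extend(net.subnets(new_prefix=chunk_prefix))
    buckets: List[List[ipaddress.IPv4Network]] = [[] for _ in range(units)]
    for i, chunk in enumerate(chunks):
        buckets[i % units].append(chunk)
    return buckets


def target_spec(bucket) -> str:
    """Render one work unit as a space-separated nmap target list."""
    return " ".join(str(n) for n in bucket)


def estimate_hours(addresses: int, aggregate_rate_per_sec: float) -> float:
    """Wall-clock hours for `addresses` at a measured aggregate rate.
    Dividing the rate you are willing to impose on the network by the
    number of units gives the per-thread budget to stay under."""
    return addresses / aggregate_rate_per_sec / 3600.0


if __name__ == "__main__":
    units = split_work(RFC1918, HOSTS * THREADS)
    print(f"{len(units)} units, e.g. unit 0: {target_spec(units[0])[:60]}...")
    print(f"~{estimate_hours(total_addresses(RFC1918), 300):.1f} h at 300 IP/s")
```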