Penetration Testing mailing list archives

Re: [PEN-TEST] Subnet Discovery...


From: Jason Ellison <infotek () DATASYNC COM>
Date: Wed, 21 Mar 2001 02:51:29 -0600

I noticed that sending an SNMP request to the network IP address of an aliased
tokenring adapter on a Cisco router causes the packet to be resent to MAC
ff:ff:ff:ff:ff:ff, IP 255.255.255.255:snmp, out the tokenring adapter. This
causes all IP network devices on the tokenring network to receive the SNMP
request. I noticed when an AIX box that did not have an IP address on the
particular network being queried was responding to SNMP requests.

snmpwalk 192.168.64.8 public system.* getting responses from all devices on
the physical tokenring network. This is the packet sent from the Linux box:

    0:12:29.886261 192.168.1.1.4440 > 198.208.64.8.161: GetNextRequest(26) .1.3.6.1.2.1.1

and the packet seen on the tokenring network:

    00:38:43.292027326 0:6:7c:9a:68:85 ff:ff:ff:ff:ff:ff 0800 91: 192.168.1.1.4440 > 255.255.255.255.161:GetNextRequest(15) [|snmp]
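
Added example, not part of the original post: a small detector that reads tcpdump-style lines like the two captures above and flags SNMP requests delivered to a broadcast address, marking those whose source lies outside the monitored segment (the routed-to-broadcast case the post describes). The segment 192.168.64.0/24, the function name and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# "src.port > dst.port:" pair as tcpdump prints it.
FLOW = re.compile(r"(\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+):")
# Optional link-level header (tcpdump -e): source MAC, then destination MAC.
MAC = r"(?:[0-9a-f]{1,2}:){5}[0-9a-f]{1,2}"
MACS = re.compile(rf"({MAC}) ({MAC})")
SNMP_PORT = 161
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")

# Constructed sample capture, modelled on the line formats in the post.
SAMPLE = [
    "10:12:29.886261 192.168.1.1.4440 > 192.168.64.8.161: GetNextRequest(26) .1.3.6.1.2.1.1",
    "10:12:29.892027 0:6:7c:9a:68:85 ff:ff:ff:ff:ff:ff 0800 91: "
    "192.168.1.1.4440 > 255.255.255.255.161: GetNextRequest(15) [|snmp]",
    "10:12:30.100000 192.168.64.20.1025 > 192.168.64.255.161: GetRequest(28)",
    "10:12:31.000000 192.168.64.20.1026 > 192.168.64.8.53: 1+ A? example.test.",
]

def find_broadcast_snmp(lines, local_net):
    """Return one finding per SNMP request addressed to a broadcast address.

    local_net is the monitored segment (assumed known to the analyst).
    "routed" is True when the source is outside that segment, i.e. a router
    put a remote request onto the wire as a broadcast.
    """
    net = ipaddress.ip_network(local_net)
    findings = []
    for line in lines:
        line = line.lower()
        flow = FLOW.search(line)
        if not flow or int(flow.group(4)) != SNMP_PORT:
            continue
        src = ipaddress.ip_address(flow.group(1))
        dst = ipaddress.ip_address(flow.group(3))
        macs = MACS.search(line)
        l2_broadcast = bool(macs) and macs.group(2) == "ff:ff:ff:ff:ff:ff"
        l3_broadcast = dst in (LIMITED_BROADCAST, net.broadcast_address)
        if l2_broadcast or l3_broadcast:
            findings.append({"src": str(src), "dst": str(dst),
                             "l2_broadcast": l2_broadcast,
                             "routed": src not in net})
    return findings

if __name__ == "__main__":
    for finding in find_broadcast_snmp(SAMPLE, "192.168.64.0/24"):
        print(finding)
```

Findings with "routed" set to True are the ones to chase back to the router interface; a local source broadcasting SNMP is usually a management station doing discovery.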

