Penetration Testing mailing list archives
RE: Discovering network subnets
From: "Payton, Zack" <Zack.Payton () MWAA com>
Date: Sat, 20 Aug 2005 18:35:27 -0400
Most likely it's not a /24 but some kind of larger network like a /23 for example. For example: 10.0.0.0/23 ranges from 10.0.0.0 - 10.0.1.255 making 10.0.1.0 a completely valid address.

As far as figuring out the topology map, where are you in relation to the network? If you're on the broadcast domain use DHCP or a sniffer to listen for broadcast packets. If not... See if you can query network devices using SNMP... It's pretty trivial to figure out packet signatures for Cisco and Juniper routers and then brute force SNMP. Using DHCP relay sometimes works. ICMP Address mask requests if they're not behind a firewall which they don't appear to be if X windows is exposed to the internet. If it's not a private network just use traceroute.org's route servers.... If you're in the same AS it may be possible to form a routing adjacency with the IGP using FX's virtual router attack kit... Who knows?

Z

-----Original Message-----
From: hannibal blog [mailto:hannibalsec () gmail com]
Sent: Saturday, August 20, 2005 7:07 AM
To: pen-test () securityfocus com
Subject: Discovering network subnets

hello list

I'm actually doing a blackbox audit of a network, and I'm trying to discover network architecture. I got this output with nmap X.X.X.0/24

interesting ports on X.X.X.0
68/tcp
723/tcp
6000/tcp

I'm not sure the network is a C class one, but I'm surprised that such an IP address is a host IP. What do u think? Any idea to guess network addressing map?
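Added example (not part of the original post or thread): the /23 arithmetic from the reply above, worked through for a range of prefix lengths to show where an address ending in .0 stops being the network address and becomes a usable host address. The function names and the sample addresses are constructed for illustration; it assumes conventional IPv4 subnets in which the first and last address are reserved, and that all responding addresses sit in one subnet.

```python
import ipaddress


def role(addr, prefix):
    """Classify addr inside the IPv4 network of length `prefix` that contains it."""
    ip = ipaddress.IPv4Address(addr)
    # strict=False masks off the host bits, giving the enclosing network.
    net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
    if prefix >= 31:
        return "host"  # /31 and /32 reserve no network or broadcast address
    if ip == net.network_address:
        return "network"
    if ip == net.broadcast_address:
        return "broadcast"
    return "host"


def consistent_prefixes(responders, min_prefix=16, max_prefix=30):
    """Map each prefix length to the enclosing network, keeping only the
    lengths where every responding address is a usable host address and
    all of them fall in the same network (assumption: one subnet)."""
    result = {}
    for prefix in range(min_prefix, max_prefix + 1):
        nets = {ipaddress.ip_network(f"{a}/{prefix}", strict=False)
                for a in responders}
        if len(nets) == 1 and all(role(a, prefix) == "host" for a in responders):
            result[prefix] = str(next(iter(nets)))
    return result


if __name__ == "__main__":
    # Constructed sample: one address ending in .0 plus an ordinary neighbour.
    seen = ["10.0.1.0", "10.0.0.17"]
    for p in (24, 23):
        print(f"10.0.1.0 under /{p}: {role('10.0.1.0', p)}")
    fits = consistent_prefixes(seen, 20, 30)
    for p in sorted(fits, reverse=True):
        print(f"/{p}: {fits[p]}")
```

The longest prefix that still fits is only a lower bound on the subnet size; shorter prefixes remain equally consistent with the same observations.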