From: Tim (tim-security@sentinelchicken.org)
Date: Tue Jul 20 2004 - 21:26:23 EDT

> During an internal black-box penetration test, from a subnet of a company
> (with or without DHCP), how do you find out the structure of the other subnets
> of the network? In particular, how do you determine/discover the subnetting
> of the IP space of a company?

I just ran across this today, while trying to figure out what ICMP
requests I wanted to let through my firewall.

http://www.networksorcery.com/enp/protocol/icmp/msg17.htm

Perhaps doing traceroutes to various IPs, followed by a subnet
request to the routers that show up, would be helpful. I don't know how
well it is even supported, but it would save you lots of work if it worked.

Needless to say, I didn't allow this one through the ol' firewall... ;-)

tim
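
For anyone making the same firewall decision, here is a monitoring-side check for the ICMP message linked above (type 17, Address Mask Request) and its reply (type 18). This is an added example, not part of Tim's post: the function names are hypothetical, and the sample packets are built in memory from documentation addresses and never sent.

```python
import ipaddress
import struct

ADDRESS_MASK_REQUEST = 17   # RFC 950
ADDRESS_MASK_REPLY = 18     # RFC 950


def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum; returns 0 over a message with a valid checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_sample_packet(src, dst, icmp_type, mask="0.0.0.0"):
    """Constructed test data: IPv4 header + 12-byte ICMP mask message."""
    body = struct.pack("!BBHHH4s", icmp_type, 0, 0, 0x1234, 1,
                       ipaddress.IPv4Address(mask).packed)
    body = body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(body), 0, 0, 64,
                         1, 0,  # protocol 1 = ICMP; IP checksum left at 0
                         ipaddress.IPv4Address(src).packed,
                         ipaddress.IPv4Address(dst).packed)
    return header + body


def inspect_packet(packet: bytes):
    """Return a finding for ICMP type 17/18 packets, or None for anything else."""
    if len(packet) < 20 or packet[0] >> 4 != 4 or packet[9] != 1:
        return None                          # not IPv4, or not ICMP
    ihl = (packet[0] & 0x0F) * 4
    icmp = packet[ihl:]
    if ihl < 20 or len(icmp) < 12:
        return None                          # malformed or truncated
    if icmp[0] not in (ADDRESS_MASK_REQUEST, ADDRESS_MASK_REPLY):
        return None
    finding = {
        "src": str(ipaddress.IPv4Address(packet[12:16])),
        "dst": str(ipaddress.IPv4Address(packet[16:20])),
        "kind": "request" if icmp[0] == ADDRESS_MASK_REQUEST else "reply",
        "checksum_ok": inet_checksum(icmp) == 0,
    }
    if finding["kind"] == "reply":
        # A reply is the actual disclosure: it carries the subnet mask.
        finding["mask"] = str(ipaddress.IPv4Address(icmp[8:12]))
    return finding
```

A request in the findings means someone is asking; a reply means a device on the network answered and disclosed its mask, which is the case worth alerting on.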
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:58 EDT