Re: Mapping Class A network ( any easy trick?)

From: Tim (tim-pentest@sentinelchicken.org)
Date: Wed Feb 09 2005 - 12:10:24 EST


> You might also want to manage expectations. Pentesting a full class A,
> even given low population of the network will take you months. I think

It can be done faster.

Once upon a time I built a system with primarily shell/python/perl which
used nmap and nbtscan to scan all RFC1918 addresses in a large company.
With a LOT of timing optimization options, and a very focused set of
ports we were scanning for, we were able to scan this many IPs in 2-3
days. However, we had to distribute the scan across 8 linux machines,
each of which ran 4 scanning threads in parallel. We didn't utilize any
broadcasts, of course.

It is a pain, and I don't recommend doing it unless you have a good
reason, but it can be done with enough effort.

The more recent versions of nmap supposedly have a more efficient
scanning engine. Definitely use the newest stuff.

tim

ps- Our scanning network could scan 300+ IPs/sec on average (majority of
IPs didn't have hosts, of course) and during the scan, a few older
firewalls tipped over. Be careful.
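
The kind of distributed sweep described above, as an added example that is not Tim's
code and not from the original thread: it carves the three RFC1918 blocks into /16
chunks, hands them round-robin to a fixed set of scanner hosts, and runs a bounded
number of nmap jobs per host. The worker host names (scan1..scan8), the six-port
list and the timing/rate values are assumptions chosen for illustration, and the
--max-rate/--min-hostgroup/--host-timeout flags need a modern nmap on the workers.
The --max-rate ceiling is the knob that matters for the "firewalls tipped over"
problem: it caps packets per second per job regardless of how fast the targets answer.

```sh
#!/bin/sh
# Added example, not the original poster's code. Partition RFC1918 space into
# /16 chunks, assign them round-robin to scanner hosts, and run a bounded
# number of nmap jobs per host in parallel. Host names, ports and timing
# values below are assumptions; a modern nmap is assumed on the workers.

WORKERS="scan1 scan2 scan3 scan4 scan5 scan6 scan7 scan8"  # hypothetical hosts
JOBS_PER_WORKER=4                 # parallel nmap processes on each worker
PORTS="22,80,135,139,443,445"     # keep the set small: fewer probes per host
DRY_RUN="${DRY_RUN:-1}"           # 1 = print per-worker command lines, no ssh

# Every /16 inside 10/8, 172.16/12 and 192.168/16, one per line (273 total).
rfc1918_slash16s() {
    i=0
    while [ "$i" -le 255 ]; do echo "10.$i.0.0/16"; i=$((i + 1)); done
    i=16
    while [ "$i" -le 31 ]; do echo "172.$i.0.0/16"; i=$((i + 1)); done
    echo "192.168.0.0/16"
}

# Read CIDRs on stdin, emit "<worker> <cidr>" using round-robin assignment.
assign_chunks() {
    count=$(set -- $WORKERS; echo $#)
    n=0
    while read -r cidr; do
        idx=$((n % count + 1))
        echo "$(echo $WORKERS | cut -d' ' -f"$idx") $cidr"
        n=$((n + 1))
    done
}

# nmap command line for one chunk. Aggressive template, a single retry, short
# RTT and per-host timeouts and large host groups for throughput; default host
# discovery stays on so empty address space is skipped cheaply. --max-rate is a
# hard packets-per-second ceiling so a sweep cannot flatten a fragile firewall.
nmap_cmd() {
    target=$1
    out=$(echo "$target" | tr '/' '_')
    echo "nmap -n -sS -p $PORTS --open -T4 --max-retries 1" \
         "--max-rtt-timeout 300ms --host-timeout 90s --min-hostgroup 256" \
         "--max-rate 300 -oG out/$out.gnmap $target"
}

# Build the job list for one worker and run JOBS_PER_WORKER jobs at a time on
# it via xargs -P. With DRY_RUN=1 the command lines are only printed.
run_worker() {
    w=$1
    cmds=$(rfc1918_slash16s | assign_chunks | awk -v w="$w" '$1 == w {print $2}' \
           | while read -r cidr; do nmap_cmd "$cidr"; done)
    if [ "$DRY_RUN" = 1 ]; then
        echo "$cmds"
    else
        echo "$cmds" | ssh "$w" "mkdir -p out && xargs -P $JOBS_PER_WORKER -I{} sh -c '{}'"
    fi
}

# Usage: DRY_RUN=0 sh scan.sh run   (without "run" only the functions are defined)
if [ "${1:-}" = run ]; then
    for w in $WORKERS; do run_worker "$w" & done
    wait
fi
```

With 273 chunks over 8 hosts the first worker gets 35 and the rest 34; the
per-job --max-rate times JOBS_PER_WORKER times the number of hosts is the
aggregate packet rate every intermediate firewall will see, so size it from
the weakest box in the path, not from how fast the scanners can go.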



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:16 EDT