From: batz (batsy@vapour.net)
Date: Mon Jun 03 2002 - 17:06:19 EDT
On Mon, 3 Jun 2002, RT wrote:
:Here's the PERL script:
Handy script, but can be limited by aggregation, which is pretty common
at exchange points.
A more thorough method is to use hping or traceroute with the ttl set within
1 or two hops of the destination, and sample address ranges using the
beginnings of CIDR blocks from /24 to /29's. This should flush out
the routers, and then you will generally find clusters of contiguous
address space around each router.
Hping is handy b/c you can use udp/53 and be mostly innocuous, as few
people ever corelate icmp unreachable alerts from their IDS, even
though it is the best way to catch someone firewalking.
-- batz ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:22 EDT