Re: Mapping Class A network ( any easy trick?)

From: alank@starbug.net
Date: Tue Feb 08 2005 - 15:01:25 EST


If you are local to the network, start by seeing if any routing protocols
are running that you can sniff.

That will get you started.

If no routing protocols, then try divide and conquer.

Traceroute the /16 or /8 subnets of the class A and try to map out how
the network is set up. That will give better hints as to what is in
use/not in use.

Query the SOA for the DNS servers; this may give you hints on what
subnets are used for servers, possibly in other regions.

If the DNS servers are not locked down, you can axfr the zone and go analyze
the IP addresses contained in it.

Look for hints to other DNS zones in different regions to harvest.

Alan

>
>
> I am about to do a penetration testing on a “Class A
> network” and wondering how I can map the network
> without pinging 17 million IPs.(nmap -Sp 10.0.0.0/8)
>
> I did some research and the best information I got is
> from one of the earlier posts on this
> list (http://seclists.org/lists/pen-test/2004/Jul/0067.html).
> It was to use broadcast IPs for pings. But it may miss some subnets.
>
> Is that the best way to do it? If not, please advise.
>

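The DNS half of the divide-and-conquer approach above, as an added worked example (this is not code from Alan's post or from the original poster): parse the output of a zone transfer, count which /16s (or /24s) of the 10.0.0.0/8 actually hold hosts, pull the SOA primary and any delegated sub-zones to harvest next, and pick one known-live address per /16 to traceroute so the routers between regions show up. The zone data below is constructed for the example (corp.example., the 10.x addresses and the ap/emea delegations are all invented); on a real engagement you would feed it the text printed by `dig axfr <zone> @<nameserver>`.

```python
import ipaddress
from collections import Counter

# Constructed sample of what `dig axfr corp.example. @ns1.corp.example.` prints
# after a successful transfer. Every name and address here is invented.
SAMPLE_AXFR = """\
corp.example.           3600 IN SOA  ns1.corp.example. hostmaster.corp.example. 2005020801 7200 900 1209600 3600
corp.example.           3600 IN NS   ns1.corp.example.
corp.example.           3600 IN NS   ns2.corp.example.
ns1.corp.example.       3600 IN A    10.1.0.53
ns2.corp.example.       3600 IN A    10.1.1.53
www.corp.example.       3600 IN A    10.1.0.80
mail.corp.example.      3600 IN A    10.1.0.25
db01.corp.example.      3600 IN A    10.44.10.5
db02.corp.example.      3600 IN A    10.44.10.6
ap.corp.example.        3600 IN NS   ns1.ap.corp.example.
ns1.ap.corp.example.    3600 IN A    10.200.0.53
emea.corp.example.      3600 IN NS   ns1.emea.corp.example.
ns1.emea.corp.example.  3600 IN A    10.120.0.53
printer7.corp.example.  3600 IN A    192.168.7.7
corp.example.           3600 IN SOA  ns1.corp.example. hostmaster.corp.example. 2005020801 7200 900 1209600 3600
"""


def parse_axfr(text):
    """Parse dig-style zone output into (owner, rtype, rdata) tuples.

    Each line is: owner TTL class type rdata...; comment (';') and blank
    lines are skipped, as is anything that is not class IN."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        fields = line.split()
        if len(fields) < 5 or fields[2] != "IN":
            continue
        records.append((fields[0].lower(), fields[3].upper(), " ".join(fields[4:])))
    return records


def soa_primary(records):
    """Return (mname, rname) from the first SOA: the primary master and the
    hostmaster contact, both of which can hint at where the servers live."""
    for _owner, rtype, rdata in records:
        if rtype == "SOA":
            mname, rname = rdata.split()[:2]
            return mname, rname
    return None


def addresses_in_scope(records, scope):
    """Yield (owner, IPv4Address) for every A record inside the target range,
    dropping addresses outside it (e.g. a stray 192.168.x.x printer)."""
    net = ipaddress.ip_network(scope)
    out = []
    for owner, rtype, rdata in records:
        if rtype != "A":
            continue
        try:
            addr = ipaddress.ip_address(rdata)
        except ValueError:
            continue
        if addr in net:
            out.append((owner, addr))
    return out


def subnets_in_use(records, scope="10.0.0.0/8", prefixlen=16):
    """Count named hosts per /prefixlen inside scope: which chunks of the
    class A are actually populated, so the sweep can skip the rest."""
    counts = Counter()
    for _owner, addr in addresses_in_scope(records, scope):
        counts[str(ipaddress.ip_network(f"{addr}/{prefixlen}", strict=False))] += 1
    return dict(counts)


def delegated_zones(records, apex):
    """Sub-zones delegated by NS records (owner != apex): the 'other DNS
    zones in different regions' worth trying an axfr against next."""
    apex = apex.lower()
    return sorted({owner for owner, rtype, _ in records if rtype == "NS" and owner != apex})


def traceroute_targets(records, scope="10.0.0.0/8", prefixlen=16):
    """One known-live address per /prefixlen (the lowest seen), to traceroute
    so the hops between regions reveal the routers and link structure."""
    best = {}
    for _owner, addr in addresses_in_scope(records, scope):
        sub = str(ipaddress.ip_network(f"{addr}/{prefixlen}", strict=False))
        if sub not in best or addr < best[sub]:
            best[sub] = addr
    return {sub: str(a) for sub, a in best.items()}


if __name__ == "__main__":
    recs = parse_axfr(SAMPLE_AXFR)
    print("SOA primary / contact:", soa_primary(recs))
    print("/16s with named hosts:", subnets_in_use(recs))
    print("/24s with named hosts:", subnets_in_use(recs, prefixlen=24))
    print("delegated zones to harvest next:", delegated_zones(recs, "corp.example."))
    print("traceroute one host per /16:", traceroute_targets(recs))
```

The /16 and /24 counts are what tell you where to spend the ping sweep: a /16 with no named host at all is a candidate to skip on the first pass, and a /24 dense with servers is where the broadcast-ping trick from the earlier thread will miss the least. The delegated-zone list is the loop: run the same axfr and analysis against each of those name servers before deciding the map is complete.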


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:15 EDT