RE: FW: Mapping Class A network ( any easy trick?)

From: Navin Johnson (printerscanner@hotmail.com)
Date: Tue Feb 08 2005 - 13:09:37 EST


Here is how I attack this problem:
- Use DNS first to get a list of potentially live IPs.
  - Try doing a zone transfer to get a list of IPs.
  - Try resolving the IPs to hostnames and look for PTR records (Perl works well for this; Michael Fuhr wrote a script called mresolv.pl that does this).
- Traceroute to the live IPs to get a list of all the network device IPs.
  - If they use a standard like all routers are at .254 or .1 or .100, make a list of potential IPs for routers and ping those.
- Take a listing of all the live addresses you have at this point and break them into class C ranges.
- Ping the class C ranges.

If you can get access to a router, you can then do a 'show ip route' to see
if you missed any ranges.

>-----Original Message-----
>From: John Thomas [mailto:mjohn2000_99@yahoo.com]
>Sent: Tuesday, February 08, 2005 11:42 AM
>To: pen-test@securityfocus.com
>Subject: Mapping Class A network ( any easy trick?)
>
>
>
>
>I am about to do a penetration test on a "Class A
>network" and am wondering how I can map the network
>without pinging 17 million IPs (nmap -sP 10.0.0.0/8).
>
>I did some research and the best information I got is
>from one of the earlier posts on this
>list (http://seclists.org/lists/pen-test/2004/Jul/0067.html).
>It was to use broadcast IPs for pings. But it may miss some subnets.
>
>Is that the best way to do it? If not, please advise.
>



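The procedure in the reply above (collect live addresses from a zone transfer, PTR lookups and traceroute hops, collapse them into /24s, guess router addresses from the site's numbering convention, then ping-sweep only those /24s) as a worked example. This is added code, not from the original post or from the mresolv.pl script mentioned there. The zone-transfer text, PTR answers and traceroute hops are constructed sample data in dig/traceroute output style, not real records; in practice they would come from `dig @ns axfr`, `dig -x` and `traceroute`. The hypothetical domain is example.test and the addresses are all from 10.0.0.0/8.

```python
"""Turn DNS and traceroute hits on a /8 into a short list of /24s to sweep."""
import ipaddress
import re

# --- Constructed sample input (not real records) -------------------------
# What a zone transfer (dig @ns1 axfr example.test) might return.
ZONE_TRANSFER = """\
example.test.          3600 IN SOA  ns1.example.test. hostmaster.example.test. 1 7200 900 1209600 3600
ns1.example.test.      3600 IN A    10.1.1.5
www.example.test.      3600 IN A    10.1.1.80
mail.example.test.     3600 IN A    10.1.2.25
vpn.example.test.      3600 IN A    10.200.0.10
www.example.test.      3600 IN AAAA 2001:db8::80
"""

# Reverse lookups (dig -x) that came back with a name.
PTR_ANSWERS = """\
9.3.1.10.in-addr.arpa.   3600 IN PTR fileserver.example.test.
1.3.1.10.in-addr.arpa.   3600 IN PTR gw-floor3.example.test.
"""

# Intermediate hops seen while tracerouting to the hosts above.
TRACEROUTE_HOPS = ["10.0.0.1", "10.1.0.254", "10.1.1.1"]

# Last octets the reply suggests sites commonly reserve for routers.
ROUTER_CONVENTIONS = (1, 100, 254)

# "IN A <ipv4>" only; "IN AAAA" and "IN SOA" do not match.
A_RECORD_RE = re.compile(r"\s+IN\s+A\s+(\d{1,3}(?:\.\d{1,3}){3})\s*$", re.M)
# Owner name of a PTR record: d.c.b.a.in-addr.arpa (trailing dot optional).
PTR_NAME_RE = re.compile(
    r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.in-addr\.arpa\.?", re.M)


def ips_from_axfr(text):
    """IPv4 addresses from the A records in zone-transfer output."""
    return {ipaddress.IPv4Address(m.group(1)) for m in A_RECORD_RE.finditer(text)}


def ips_from_ptr(text):
    """Map in-addr.arpa owner names (d.c.b.a) back to a.b.c.d addresses."""
    return {ipaddress.IPv4Address(".".join(reversed(m.groups())))
            for m in PTR_NAME_RE.finditer(text)}


def class_c_ranges(addresses, scope=ipaddress.IPv4Network("10.0.0.0/8")):
    """Distinct /24s inside the target scope that hold a known-live address."""
    return sorted({ipaddress.ip_network(f"{a}/24", strict=False)
                   for a in addresses if a in scope})


def router_candidates(ranges, last_octets=ROUTER_CONVENTIONS):
    """Guess gateway addresses in each /24 from the site's numbering habit."""
    return sorted(net.network_address + o for net in ranges for o in last_octets)


def nmap_ping_sweeps(ranges):
    """One ping-sweep command per /24 (-sn is the current spelling of -sP)."""
    return [f"nmap -sn {net.with_prefixlen}" for net in ranges]


def plan(axfr_text, ptr_text, hops):
    """Run the whole procedure and return every intermediate result."""
    live = (ips_from_axfr(axfr_text) | ips_from_ptr(ptr_text)
            | {ipaddress.IPv4Address(h) for h in hops})
    ranges = class_c_ranges(live)
    return {"live": sorted(live), "ranges": ranges,
            "routers": router_candidates(ranges),
            "sweeps": nmap_ping_sweeps(ranges)}


if __name__ == "__main__":
    result = plan(ZONE_TRANSFER, PTR_ANSWERS, TRACEROUTE_HOPS)
    print(f"{len(result['live'])} live hosts -> {len(result['ranges'])} /24s "
          f"({256 * len(result['ranges'])} addresses instead of 2**24)")
    print("router guesses to ping first:", ", ".join(map(str, result["routers"])))
    print("\n".join(result["sweeps"]))
```

With the sample input this collapses nine known hosts into six /24s, so the sweep covers 1,536 addresses rather than the whole /8; the router guesses (18 addresses) are worth pinging before the sweeps, since a responding .1 or .254 in a block with no DNS entries is the cheapest hint that the block is in use.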
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:16 EDT