Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Nessus-Users
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: How to produce a list of target subnets?

from [Drew Simonis] Network Security [Permanent Link]
Subject: Re: How to produce a list of target subnets?
Date: Mon, 24 Mar 2008 09:36:56 -0500 
While a /24 is nice and manageable, it might not be how the network is
broken down.  For example, my company uses private space, and subnets
some larger offices on a /20 boundary... anyway, the OP asked about
subnets, not hosts.  I'd say that if his company doesn't know which
subnets are in use, they have bigger problems.  Foremost is that it is
hard to determine "subnets" in use, period.  Routers can summarize,
or networks may not be advertised outside of a smaller community.  That
leaves you with gathering IPs, which is prone to fail for all the
reasons you've seen.   IMO, the best way to gather this IP info if
unknown (and if not wanting to involve querying the network
infrastructure) is via passive monitoring to see what there is to see,
assuming you can get visibility.  Netflow or similar can help bunches
here.  But, if you really want subnets, you can always just query the
individual router configuations (not the routing tables) and see what
networks their interfaces are configured for.  Maybe some sort of SNMP
sweep if you can learn the community names. 

-ds

  ----- Original Message -----
  From: mike.sleeper@srs.gov
  To: "Rathbun, Dan"
  Subject: Re: How to produce a list of target subnets?
  Date: Mon, 24 Mar 2008 09:28:44 -0400


  Here's one approach that may give you a starting point.
  -----------------------------------------------------------
  For each /24 on your network (class C)
   - Ping sweep/ Nmap sweep / etc.... across current subnet
   - parse result file (e.g. perl) to build a nessus host file of
  devices that are up.
   - Nessus scan of that subnet
   - next subnet

  -  Problems with this approach
  -  Devices can be turned off by the time they are scanned.
  -  Devices that do not respond on the port/protocol you are using to
  determine they are up.


  There are variations on this approach to include the size of the
  subnet, using a Full NMap and assume hosts are up, etc.....



  ----------------------------------------------------
  Mike Sleeper  CISSP, CCSE, CCFS
   Computer & Information Security
  ----------------------------------------------------

  ************* DISCLAIMER ***********************************
  The above comments are my own and do not
  necessarily represent those of my employer or
  contractor.  Any information or advice provided by
  me shall be given under the "caveat emptor" principal.
  *****************************************************************



  "Rathbun, Dan" <Dan.Rathbun@aecom.com>
  Sent by: nessus-bounces@list.nessus.org

  03/24/2008 08:26 AM

  To <nessus@list.nessus.org>
  cc
  Subject How to produce a list of target subnets?





  Greetings,

  I am trying to figure out the best way to produce a comprehensive
  list of subnets on our global network in order to feed it into
  Nessus.  Due to the size of our network and the dynamic nature of it,
  a new list really ought to be generated at least quarterlyâif not
  monthly.  I have tried simply pulling a routing table off one of the
  core routers, but the resulting file requires too much reformatting
  to make it fit for this use.  There has to be an easier way!

  I wonder if any of you have found a convenient approach to dealing
  with this requirement?  If so, would you be willing to share your
  lessons learned?  Thanks.
  Dan Rathbun
  Information Security Director
  CISSP, GSLC and GSEC Certified
  AECOM
  515 South Flower Street, 4th Floor
  Los Angeles, CA 90071-2201

  p. 978.930.5656
  e. dan.rathbun@aecom.com

  http://www.linkedin.com/in/drathbun
  _______________________________________________
  Nessus mailing list
  Nessus@list.nessus.org
  http://mail.nessus.org/mailman/listinfo/nessus

  _______________________________________________
  Nessus mailing list
  Nessus@list.nessus.org
  http://mail.nessus.org/mailman/listinfo/nessus

-- 
Want an e-mail address like mine?
Get a free e-mail account today at www.mail.com!


_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: How to produce a list of target subnets?, John Gray
Next by Date:  Re: How to produce a list of target subnets?, Renaud Deraison (lists)
Previous by Thread:  Re: How to produce a list of target subnets?, Todd Adamson
Next by Thread:  xml reports export to htm & nbe, MALTE SIMON
Indexes:  [Date] [Thread] [Top] [All Lists]