Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Remote CIDR Surveying


Published on

Mapping out network segmentation for pentests

Published in: Internet
  • You can try to use this service ⇒ ⇐ I have used it several times in college and was absolutely satisfied with the result.
    Are you sure you want to  Yes  No
    Your message goes here
  • Be the first to like this

Remote CIDR Surveying

  1. 1. @VirusFriendly Remote CIDR Surveying
  2. 2. @VirusFriendly: • • Reasons for Abnormal Arp Requests • Reasons for Abnormal ICMP errors • Reasons for Abnormal Traceroute Results
  3. 3. Our mission is to foster creative and technical growth through open collaboration by providing tools and resources within the greater Baltimore-Washington Metro area. Who we are: • We are a hacker/maker space • We are a non profit 501(c)(3) • Everything you see here was donated by the community • Everything you see here is free for public use (although some may require minor training)
  4. 4. This space many of us call home is completely run based on community donations, every little bit helps and ensures we can keep the door open and keep classes like this free for anyone interested in attending. Get Involved! • You can donate your time • You can donate your knowledge • You can donate your unused equipment • You can donate supplies • Lastly we also have overhead and we would appreciate a one time donation or even better you can become a member.
  5. 5. No matter the day there is almost always something going on here and events can be found on the following social media outlets. @unallocated !forum/unallocated-space
  6. 6. UDP “Unix” Traceroute Mechanics
  7. 7. ICMP “Windows” Traceroute Mechanics Uses ICMP Echo instead of UDP Allowed by RFC 1393
  8. 8. TTL Gotchas • Proxies and Switches operate on incompatible layers • Any layer 3 device (router, gateway, firewall) that doesn’t decrement TTL won’t be detectable
  9. 9. Why Survey Network CIDR Network segregation • Ownership • Location • Business function • Policy • Sensitivity
  10. 10. CIDR Determination by flipping bits
  11. 11. Router Interface Determination After routed segregation is determined Switched (vlan) segregation can be determined by mapping router interfaced Note: The router interface/IP sending the ICMP error may or may not be the same IP address we probed
  12. 12. HardCidr @VirusFriendly