Locate the Network Range
- Network range information assists attackers to create a map of the target network.
- Find the range of IP addresses using ARIN whois database search tool.
- You can find the range of IP addresses and the subnet mask used by the target organization from Regional Internet Registry (RIR).
- Traceroute programs work on the concept of ICMP protocol and use the TTL field in the header of ICMP packets to discover the rotuers on the path to a target host.
- Manual traceroute: ping -i 1
- UDP 33434-33534 Random
- ICMP type3: Destination Unreachable
- ICMP type11: Time Exceeded
- Attackers conduct traceroute to extract information about: network topology, trusted routers, and firewall locations.
- For example: after running several traceroutes, an attacker might obtain the following information:
- traceroute 220.127.116.11, second to last hop is 18.104.22.168
- traceroute 22.214.171.124, third to last hop is 126.96.36.199
- traceroute 188.8.131.52, second to last hop is 184.108.40.206
- traceroute 220.127.116.11, third to last hop is 18.104.22.168
- traceroute 22.214.171.124, second to last hop is 126.96.36.199
- By putting this information together, attackers can draw the network diagram.