Locate the Network Range
- Network range information assists attackers to create a map of the target network.
- Find the range of IP addresses using ARIN whois database search tool.
- You can find the range of IP addresses and the subnet mask used by the target organization from Regional Internet Registry (RIR).
- Traceroute programs work on the concept of ICMP protocol and use the TTL field in the header of ICMP packets to discover the rotuers on the path to a target host.
- Manual traceroute: ping -i 1
- UDP 33434-33534 Random
- ICMP type3: Destination Unreachable
- ICMP type11: Time Exceeded
- Attackers conduct traceroute to extract information about: network topology, trusted routers, and firewall locations.
- For example: after running several traceroutes, an attacker might obtain the following information:
- traceroute 184.108.40.206, second to last hop is 220.127.116.11
- traceroute 18.104.22.168, third to last hop is 22.214.171.124
- traceroute 126.96.36.199, second to last hop is 188.8.131.52
- traceroute 184.108.40.206, third to last hop is 220.127.116.11
- traceroute 18.104.22.168, second to last hop is 22.214.171.124
- By putting this information together, attackers can draw the network diagram.