Locate the Network Range
- Network range information helps attackers create a map of the target network.
- Find the range of IP addresses using the ARIN whois database search tool.
- You can find the range of IP addresses and the subnet mask used by the target organization from the Regional Internet Registry (RIR).
Traceroute (Important)
- Traceroute programs work on the concept of the ICMP protocol and use the TTL field in the header of ICMP packets to discover the routers on the path to a target host.
- Manual traceroute: ping -i 1
- UDP 33434-33534 Random
- ICMP type 3: Destination Unreachable
- ICMP type 11: Time Exceeded
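A defender's view of the probe pattern listed above, as an added example that is not part of the original notes: it flags flows whose packets arrive with several different near-expired TTLs, sent either as ICMP or as UDP to ports 33434-33534. The record layout, the sample packets, and the LOW_TTL and MIN_DISTINCT thresholds are assumptions made for illustration.

```python
from collections import defaultdict

# Port range taken from the notes above (33434-33534 inclusive).
UDP_PROBE_PORTS = range(33434, 33535)
# Assumed thresholds for this example, not from the notes:
LOW_TTL = 5        # an arriving TTL at or below this is about to expire
MIN_DISTINCT = 3   # distinct low TTLs per flow needed before flagging

# Constructed sample records: (src, dst, proto, dst_port, ttl_on_arrival)
SAMPLE = [
    ("198.51.100.7", "192.0.2.20", "udp", 33434, 1),
    ("198.51.100.7", "192.0.2.20", "udp", 33435, 1),
    ("198.51.100.7", "192.0.2.20", "udp", 33437, 2),
    ("198.51.100.7", "192.0.2.20", "udp", 33440, 3),
    ("203.0.113.9", "192.0.2.20", "udp", 53, 57),      # ordinary DNS
    ("203.0.113.9", "192.0.2.20", "udp", 33500, 57),   # in range, normal TTL
    ("203.0.113.44", "192.0.2.25", "icmp", None, 1),   # echo with TTL 1, 2, 3
    ("203.0.113.44", "192.0.2.25", "icmp", None, 2),
    ("203.0.113.44", "192.0.2.25", "icmp", None, 3),
    ("203.0.113.80", "192.0.2.30", "udp", 33434, 2),   # one stray low-TTL packet
]

def is_probe(proto, dport, ttl):
    """True if the packet arrives nearly expired and is ICMP, or UDP aimed at
    the traceroute port range."""
    if ttl > LOW_TTL:
        return False
    return proto == "icmp" or (proto == "udp" and dport in UDP_PROBE_PORTS)

def find_traceroutes(records):
    """Return {(src, dst): sorted TTLs} for flows that step through several
    different low TTL values, the signature of hop-by-hop path discovery."""
    ttls = defaultdict(set)
    for src, dst, proto, dport, ttl in records:
        if is_probe(proto, dport, ttl):
            ttls[(src, dst)].add(ttl)
    return {flow: sorted(v) for flow, v in ttls.items() if len(v) >= MIN_DISTINCT}

if __name__ == "__main__":
    for (src, dst), seen in find_traceroutes(SAMPLE).items():
        print(f"possible traceroute {src} -> {dst}, TTLs seen: {seen}")
```

Normal traffic usually arrives with a TTL well above the threshold, which is why the in-range UDP packet with TTL 57 and the single stray probe are not flagged.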
Traceroute Analysis
- Attackers conduct traceroute to extract information about: network topology, trusted routers, and firewall locations.
- For example: after running several traceroutes, an attacker might obtain the following information:
- traceroute 1.10.10.20, second to last hop is 1.10.10.1
- traceroute 1.10.10.20, third to last hop is 1.10.10.1
- traceroute 1.10.20.10, second to last hop is 1.10.10.50
- traceroute 1.10.20.15, third to last hop is 1.10.10.1
- traceroute 1.10.20.15, second to last hop is 1.10.10.50
- By putting this information together, attackers can draw the network diagram.