• HOME

  • ABOUT US

  • SERVICES

  • CONTACT

  • KNOWLEDGE

  • BUY ONLINE

  • More

    CYBER SECURITY ASSESSMENTS // PENETRATION TESTING // DATA SECURITY // IT SECURITY // SECURITY AUDITS // DIGITAL FORENSICS // CYBER INTELLIGENCE

    IT Consulting | Online Security | Network Security | Computer Security

    Trojan Horse Security offers official testing and certification as a Certified Cyber Hacker (CCH), based upon this syllabus. Click here for more information.

    DISCOVERING IP RANGES

    TROJAN HORSE SECURITY IS TEACHING THESE CONCEPTS FOR EDUCATIONAL PURPOSES ONLY. WE DO NOT CONDONE ILLEGAL HACKING. TROJAN HORSE SECURITY CONSULTANTS ARE HIRED AS ETHICAL HACKERS AT THE REQUEST OF ORGANIZATIONS WITH PERMISSION TO HACK THEIR NETWORKS AND SYSTEMS.

    There are many ways to discover the IP ranges owned by a company. Let's go through some of the most common ways to give you an idea.

    The easiest way to get started is to run a whois query against the company name. This is done on the command line on your Linux box:

    # whois -h whois.arin.net Google

    <snip>

    GOOGLE (C00975227) ABOV-T324-64-124-112-24-29 (NET-64-124-112-24-1) 64.124.112.24 - 64.124.112.31
    GOOGLE (C00975291) ABOV-T324-209-249-73-64-29 (NET-209-249-73-64-1) 209.249.73.64 - 209.249.73.71
    GOOGLE (C00976518) ABOV-T324-64-124-229-168-29 (NET-64-124-229-168-1) 64.124.229.168 - 64.124.229.175
    GOOGLE (C01039107) UU-65-214-255-96 (NET-65-214-255-96-1) 65.214.255.96 - 65.214.255.111
    GOOGLE (C01069311) UU-65-211-194-96-D8 (NET-65-211-194-96-1) 65.211.194.96 - 65.211.194.111
    GOOGLE (C01069313) UU-65-223-8-48-D6 (NET-65-223-8-48-1) 65.223.8.48 - 65.223.8.63
    Google (C01069315) UU-65-221-133-176-D6 (NET-65-221-133-176-1) 65.221.133.176 - 65.221.133.191
    GOOGLE (C01226236) UU-63-84-190-224-D4 (NET-63-84-190-224-1) 63.84.190.224 - 63.84.190.255
    Google (C01226466) TWTC-GOOGLE-01 (NET-64-128-207-160-1) 64.128.207.160 - 64.128.207.175
    GOOGLE (C01325434) UU-65-196-235-32-D4 (NET-65-196-235-32-1) 65.196.235.32 - 65.196.235.47
    Google (C01326476) TWTC-ATLA-C-GOOGLE-0 (NET-66-192-134-32-1) 66.192.134.32 - 66.192.134.47
    GOOGLE (C01330493) UU-65-214-112-96-D21 (NET-65-214-112-96-1) 65.214.112.96 - 65.214.112.127
    Google (C01791017) GOOGLE (NET-70-90-219-72-1) 70.90.219.72 - 70.90.219.79
    Google (C01791073) GOOGLE (NET-70-90-219-48-1) 70.90.219.48 - 70.90.219.55
    Google (C02765668) GOOGLE (NET-199-87-241-32-1) 199.87.241.32 - 199.87.241.63
    Google (C04633564) C04633564-NET (NET-208-74-177-144-1) 208.74.177.144 - 208.74.177.159
    Google (C05412539) ZAYO-IPYX-099410-128-177-174-32-28 (NET-128-177-174-32-1) 128.177.174.32 - 128.177.174.47

    As you can see, this revealed many IP ranges for Google.

    This will not always give you back information. Sometimes, you need to enter an IP address instead and find a range owned by your target. You get this IP address by querying DNS for domain names owned by your company. This is covered in the Querying DNS Lesson. I suggest you take that lesson and then come back here with some IP addresses to play with.

    Once you have an IP address, run the following command to find the whole IP Subnet it belongs with:

    # whois -h whois.arin.net 199.87.241.50

    <snip>

    NetRange:       199.87.240.0 - 199.87.243.255
    CIDR:               199.87.240.0/22
    NetName:         FNI-BLOCKA
    NetHandle:       NET-199-87-240-0-1
    Parent:             NET199 (NET-199-0-0-0-0)
    NetType:          Direct Allocation
    OriginAS:         AS22873
    Organization:   Fiber Networx Inc. (FN)
    RegDate:         2011-02-03
    Updated:          2012-02-24
    Ref:                  http://whois.arin.net/rest/net/NET-199-87-240-0-1

    Here you can see we are given the full Subnet range on the 1st and 2nd line.

    You may also notice in the last line that it is possible to view this information via a web browser. This is sometimes a simple way to go. For North American targets, simply browse to arin.net and in the top right you will see a search box where you can run your queries. You can also click on the links in the findings to find all the ranges owned by the company. You can click ORGANIZATION > RELATED NETWORKS and you will see these IP ranges. They are not always comprehensive and you may need to do some more searching but with a little work you can find out all the IP ranges owned by a company. Now you have some targets!

    BACK

    Trojan 1 | PCI Compliance | HIPAA Compliance | GLBA Compliance | GDPR Compliance | Penetration Testing | Web Application Assessment | Corporate Security Assessment | Cyber Threat Intelligence 24 / 7

     

    Cyber Breach Lawyers | Vulnerability Assessments | CISO On Demand | Black Ops | Secure Cloud | Personal Security Assessments | Small Business IT Security  | NY Cybersecurity Rule 23 NYCRR 500

     

    Ethical Hacking for Small Businesses | IT Compliance Small Business | Security Breach Management Solutions | Big Data Security | Corporate Randsomware

     

    Website Security for Small Businesses | Security Consulting Services | Enterprise Security Services | Drone & Robotic IT Security

     

    Complete IT/Cyber Security Assessment |  Security Governance Services | Security & Risk Management | Digital Forensics

     

    Social Engineering Testing  | Cyber Liability Insurance | Data Centers Transformation & Security | Secure Access and Continuity Solutions

     

    Mobility Management  & Security | Network Management  Security Solutions | EndPoint Security Solutions |  National Vulnerability Database

    2200 PENNSYLVANIA AVENUE | NW | 4TH FLOOR EAST​ | WASHINGTON, D.C. 20037​

    ​​Tel: 202.507.5773 | Fax: 202.507.5601​ |  ContactUs@TrojanHorseSecurity.com

     

    • s-linkedin
    • s-facebook
    • Google Metallic
    • YouTube Metallic
    • Pinterest Metallic
    • s-tbird

    © 2020  TROJAN HORSE SECURITY INC

    • HOME

    • ABOUT US

    • SERVICES

    • CONTACT

    • KNOWLEDGE

    • BUY ONLINE

    • More