I would like to what tools and methods other people may use for IP address block enumeration.  I have used qtrace.pl in the past but i'm not aware of any other tools / websites that may be of use.

I find that in books, articles and websites there is often very little emphasis on clearly identify the network boundaries of the target.

Does anyone have any suggestions?

Thanks

SynJunkie

I find that in general a whois might give me the isp assigned block.  but where i have found a host in a range by using something like Fierce, i want to find the size of that range assigned to the target network..

Thanks RoleReversal.  That was one of my methods (nmap xxx.xxx.xxx.xxx/24 -sP) and then look for typical boundary type devices such as routers or firewalls.  Obviously this method isn't that reliable and I was hoping that there was another more reliable option for footprinting the target.

Oh well, worth a try.

Cheers.

Syn

Thanks Jimbob.  Again, these are methods I already use.  Maybe I was looking for a tool that does the same as Senseposts qtrace.pl but it doesn't exist.

Thanks for the reply though.

Another thing I do because I am a router guy is to ping and trace route the range you suspect. With ISP's some times using there own host names you can find smaller subnet ranges with ping times. Host normally have very different reply times than routers and ture network devices. So the wire address and the network broadcast of a smaller network inside a class C IP network can some times be identified by a similar ping time. Also trace route will give you host names. I think it was already stated but reverse DNS also can help ID a smaller subnet range.

my 2 cents

Brian
aka Slimjim100