Subnetting and hacking

<<

Joshsevo

User avatar

Sr. Member
Sr. Member

Posts: 281

Joined: Tue Dec 29, 2009 11:00 pm

Post Mon Nov 08, 2010 10:29 pm

Subnetting and hacking

In regards to subnetting and hacking, is there any relation.  What I mean is do I truly need to know how to subnet to be a CEH.

Do black hats know how to subnet like the back of the hand?

The reason I ask is cause I am in school and majoring in Comp Forensics and Network Security but I took a networking class and the teacher is going over subnetting.  I figured that it could be useful for a hacker to know how many possible subnets are on a network but why would they want to know this and how would it benefit them.
Security+, Network+, C|EH, CHFI, CPT
<<

MindOverMatter

Jr. Member
Jr. Member

Posts: 62

Joined: Wed Oct 27, 2010 7:57 pm

Post Tue Nov 09, 2010 12:45 am

Re: Subnetting and hacking

You don't need to know how to subnet to pass the CEH.  However you do if you want to know how to properly secure networks.  You need to know how to subnet to create networks (especially large ones), so if you want to be able to secure them best as possible, then you need to know them inside out.  Therefore, I think subnetting is a crucial skill.

The more you know about a network and all its sub-networks, devices, components, everything is very useful to be able to successfully hack into a network / secure one.

Through the use of Vlans, one could use different Vlans for corresponding to different subnets, which could each have different security policies and access control lists.

For example Vlan 100 needs to be secure from users on VLan 200...

So one could make Vlan 100 192.168.100.1 - 254
and Vlan 200 192.168.200.1 - 254 (I put the range to signify that it could be any number really..

Then you could use ACL's on Vlan 100 to restrict any inbound TCP, UDP or ANY IP traffic at all from any IP, or port etc.. coming from 200.XXX subnet etc.

You can get very granular, or not and just control a range of things.

Just a quick example of something you can do, but there is alot of reasons to know how to subnet and to understand the architechure of a network.  Hope I didn't type anything wrong, this was just a fly by mind lol..
Last edited by MindOverMatter on Tue Nov 09, 2010 12:48 am, edited 1 time in total.
A+, Network+, Security+, CIW Associate, CCNA, C|EH
<<

Joshsevo

User avatar

Sr. Member
Sr. Member

Posts: 281

Joined: Tue Dec 29, 2009 11:00 pm

Post Tue Nov 09, 2010 2:31 pm

Re: Subnetting and hacking

But do script kiddies and the more advanced hackers have a stronger benefit of using this then us that try and protect systems?  Or is it balanced?
Security+, Network+, C|EH, CHFI, CPT
<<

MindOverMatter

Jr. Member
Jr. Member

Posts: 62

Joined: Wed Oct 27, 2010 7:57 pm

Post Tue Nov 09, 2010 5:33 pm

Re: Subnetting and hacking

You can blindly go out and and use tools to try and penetrate systems, web servers etc. without having to know how to subnet and what subnets are and their relation to an overall network.

Will knowing help, very much so.  Even just when you're doing recon, you're going to come up with all sorts of IP addressess from various sources.  Understanding if a host is in on an extranet, intranet, DMZ etc.. and it's relation to other targets is very helpful if you have a point and purpose to the attack (I'm looking at this ethically of course).

If one has access to an internal network and a specific host, which has and IP of 172.16.25.100/16 only, yet is trying to get to a server with valuable information which is on a totally different subnetwork with IP 172.25.242.254, then you'd need to understand how to get to this server.

Security aside, the simple fact that you are on a differnt subnetwork, even though within the same building, you won't be able to do much if you don't understand subnetworking.  You wouldn't be able to Arp Spoof, because out of the same subnet, or maybe even ping it if each is pointed to completely different default gateways.  I just woke up, so I'm a bit foggy lol, but I hope I kind of make sense... 

Before launching a tool or attack we need to be able to access or reach a machine through maybe a simple ping to know it's alive, then see what its vulnerabilities are to know what attack to launch, which may not be possible depending on something as simple as different subnetting schemes.
A+, Network+, Security+, CIW Associate, CCNA, C|EH
<<

MindOverMatter

Jr. Member
Jr. Member

Posts: 62

Joined: Wed Oct 27, 2010 7:57 pm

Post Tue Nov 09, 2010 5:38 pm

Re: Subnetting and hacking

Joshsevo wrote:But do script kiddies and the more advanced hackers have a stronger benefit of using this then us that try and protect systems?  Or is it balanced?


More simply, if you can't subnet, you most likely wont have a job protecing systems and a security engineer or network admin, because they are fundamental skills. 

If you're a "script kiddie" and don't know these skills, then you are less likely penetrating a network where someone has implemented a very good subnetting scheme to isolate different segments of the network.  You could launch a blind attack with an automated tool and maybe do some damage just for sake of anarchy or whatever, but then you're almost guaranteed to get caught.  Learn to subnet, it's easy! (not directed at the poster, lol) Chris Bryant rocks when it comes to teaching this. 
Check out TheBryantAdvantage.com for the easyiest way to learn to subnet IMHO.
A+, Network+, Security+, CIW Associate, CCNA, C|EH
<<

Joshsevo

User avatar

Sr. Member
Sr. Member

Posts: 281

Joined: Tue Dec 29, 2009 11:00 pm

Post Tue Nov 09, 2010 8:56 pm

Re: Subnetting and hacking

I am learning it for sure, it's just I need to spend more time on it.  I figured the two would intertwine sooner or later and that is why I posted.
Security+, Network+, C|EH, CHFI, CPT
<<

MindOverMatter

Jr. Member
Jr. Member

Posts: 62

Joined: Wed Oct 27, 2010 7:57 pm

Post Tue Nov 09, 2010 10:12 pm

Re: Subnetting and hacking

You can specialize in different aspects of security such as for the Web (scripting etc.), networks, or specific systems and applications, but I suppose to be overall well rounded it's best to know at least some of each, especially the basics of each. I'm no expert at all that's for sure, so you can take anything I say with a grain of salt. :)
A+, Network+, Security+, CIW Associate, CCNA, C|EH

Return to CEH - Certified Ethical Hacker

Who is online

Users browsing this forum: No registered users and 0 guests

Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software