On Aug 23, 2005, at 10:02 PM, Ralph Droms ((rdroms)) wrote:
I'll argue that those clues already exist. The delegated prefix is advertised outside, and a simple traceroute sweep across the network can identify the routers in the network and at least some of the subnets. The routers will respond with "TTL expired", revealing their ingress subnet numbers. If the administration chooses a common host part for routers (such as <prefix>::0001or some such thing), it will be trivial for the sweeper to deduce this from the traceroute responses and then ping sweep the routers in the network, determining all subnet numbers. |