Is that IP being used?



  • I have been given the task of tracking down a public IP range that the company is paying for to see "If" and "What" it is being used for. I have run through my extent of current knowledge to find if it is active and am coming up with "Not Active"

    Ping from LAN side No response
    Ping from WAN side No response
    Checked firewall ACLs no evidence of Nat
    Found single DNS entry on our External DNS provider which has an A record for a sub domain that I have never heard of
    Checked our internal DNS for any entries found nothing

    So, my take away from this is,

    1. If anything is attached to the network that is using an ip from this /28 subnet it is either powered off or set to ignore echo requests.
    2. I have only one entry in our DNS of a single IP and it points to gate.mydomain.com.

    Is there a way to take this to a higher level of investigation, or (most likely) am I missing something fundamental.

    Thank you



  • @popester said in Is that IP being used?:

    Ping from LAN side No response
    Ping from WAN side No response

    Just an indicator - at best. Pinging depends on a lot of things, for example

    • there's a route (be aware of NAT)
    • there's no blocking firewall

    You may try a port scanner from outside to see if there are any well known ports listening, like

    • HTTP / HTTPS
    • Mailports
    • VPN Ports
    • etc

    Nmap / Zenmap is still a great tool for such a job.



  • Just looking at the router / firewall is where all the info is. Any given IP might be in use but not responding.



  • @scottalanmiller said in Is that IP being used?:

    Just looking at the router / firewall is where all the info is. Any given IP might be in use but not responding.

    If he has access to the firewall. I took this to mean he's trying to determine if anyone else is using any of the IP addresses..



  • @dustinb3403 said in Is that IP being used?:

    @scottalanmiller said in Is that IP being used?:

    Just looking at the router / firewall is where all the info is. Any given IP might be in use but not responding.

    If he has access to the firewall. I took this to mean he's trying to determine if anyone else is using any of the IP addresses..

    No one else can use them, as they can only be routed to his network.

    And someone has to have firewall access. This is the only thing that is needed to answer this question.


Log in to reply