0

I can determine a single public IP address from within the organization (using NAT) by sending a HTTP request to one of the publically available services:

curl ipinfo.io/ip

However, if my request always takes the same route, then I will always get the same answer, even thus the organization might have several public IP adresses.

How can I enumerate all public IP adresses?

Shuzheng
  • 1,097
  • 4
  • 22
  • 37

1 Answers1

1

This is not possible.

As you mention, you will have a route (or a few) to get out of your network and you can see the outbound public IP address for there.

This may be only one of the many addresses allocated to a company. In particular, this outbound IP address may not be the one you would use to access publicly facing services (in a larger company this is very likely).

The non technical way could be via an ARIN / WHOIS search. The information you will find in there is as up to date as the network admins made it to be.

Then you can try to check the services you know about (www, ftp, ...) and may find an IP address which may or may not be one your company is an owner of (the web site may be hosted elsewhere for instance)

Except for asking the network admins there is not reliable way.

WoJ
  • 8,957
  • 2
  • 32
  • 51
  • Thanks for your response. With regards to "Then you can try to check the services you know about (www, ftp, ...)" - what exactly do you mean? Should I try to connect to www.company.com, ftp.company.com, etc? – Shuzheng Aug 18 '18 at 17:08
  • @user111854: yes, but this is really to find the most obvious ones, which by the way may change in time. – WoJ Aug 19 '18 at 12:45
  • Do you know of other good examples to try? – Shuzheng Aug 20 '18 at 10:52