Passive footprinting

Passive footprinting is a method by which an attacker tries to gather more information about his target, such as IP addresses, security leaks and defense capabilities. In most cases an attacker launches his attack only after gathering such information and deciding whether a breach is feasible. The following methods can aid him in this process:


traceroute

This is a tool used to trace the route from the source to the destination. Each intermediate system, such as a router, returns an ICMP packet to the source, which reveals information about these systems to the sender. It also helps in identifying the last-but-one system, which often happens to be a firewall or router. The attacker can thus learn the type of routers and firewalls used in the company.

whois

This too is a passive reconnaissance method, by which the ownership of a particular domain can be found by querying public databases maintained by domain registrars. The query returns information such as the owner's name, email address and phone number, which can be used for email attacks and social engineering attacks. The query also returns the IP address and domain expiration dates, which can be used for domain hijacking. Moreover, the physical address obtained can help the attacker in launching attacks such as dumpster diving.
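An organisation can review its own whois record for exactly the details listed above. The following is an added example, not part of the original post: it parses a constructed whois reply and reports unredacted contact fields and a nearby expiration date. The field names follow the common gTLD output layout and are an assumption; registries differ.

```python
from datetime import datetime, timezone

# Constructed whois reply for a placeholder domain (not real registry output).
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE.TEST
Registry Expiry Date: 2030-03-01T00:00:00Z
Registrant Name: REDACTED FOR PRIVACY
Registrant Email: j.doe@example.test
Registrant Phone: +1.5555550100
Registrant Street: 1 Example Way
"""

# Assumed field names (common gTLD layout); adjust for the registry in use.
CONTACT_FIELDS = ("registrant name", "registrant email",
                  "registrant phone", "registrant street")
REDACTION_MARKERS = ("redacted", "privacy", "not disclosed")


def parse_whois(text):
    """Turn 'Key: value' lines into a dict with lower-cased keys."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            record.setdefault(key.strip().lower(), value.strip())
    return record


def audit_whois(text, now, expiry_warn_days=30):
    """List what the record exposes: contact details and a close expiry date."""
    record = parse_whois(text)
    findings = []
    for field in CONTACT_FIELDS:
        value = record.get(field)
        if value and not any(m in value.lower() for m in REDACTION_MARKERS):
            findings.append(f"exposed {field}: {value}")
    expiry = record.get("registry expiry date")
    if expiry:
        expires = datetime.fromisoformat(expiry.replace("Z", "+00:00"))
        days_left = (expires - now).days
        if days_left <= expiry_warn_days:
            findings.append(f"domain expires in {days_left} days")
    return findings


if __name__ == "__main__":
    for finding in audit_whois(SAMPLE_WHOIS, datetime.now(timezone.utc)):
        print(finding)
```

Exposed contact fields can be addressed with the registrar's privacy or redaction service, and a short time to expiry with renewal or auto-renew.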

nslookup

The name server lookup is a tool used to query the DNS for the IP address of a particular domain. This is a passive reconnaissance method whereby a third party is used to gather information about the targeted domain. After obtaining the valid IP address of a company website, the attacker may guess other IP addresses in the same subnets and launch an attack on any one of the weaker ones. Nslookup can also be used to gather information about mail servers, after which attacks such as spamming and denial of service can be launched.

ARIN

The American Registry for Internet Numbers is a body that manages internet number resources, including IP addresses, Autonomous System numbers, etc. ARIN can be used in address reconnaissance, which helps in identifying the address space used by a particular organization. Once the IP addresses of a company are identified by using methods like nslookup, the ARIN website can be used to obtain the entire IP address range of that company. This can be used for a brute force attack where one address after another is tried to find the unsecured one.
