ARIN allows search on the whois database to locate information on networks autonomous system numbers (ASNs), network-related handles and other related point of contact (POC).
ARIN whois allows querying the IP address to help find information on the strategy used for subnet addressing.
The ARIN page also has a set of additional tools and links to other sites such as RWhois.net. ARIN would be a good starting point for information gathering as the information retrieved is more elaborate than a standard Whois lookup.
The purpose of discussing information gathering - and footprinting in particular - is that this is the information that both the hacker and the systems administrator can gather in a non-intrusive manner. All the approaches discussed so far are completely passive (with the exception of traceroute, as it can be detected) and undetectable by the target organization. The information gathered during this phase will be used continuously throughout the penetration test.
Doing a footprinting for an organization can help its systems administrator know what nature of information lies outside the organization and the potential threat it can pose to the organization. He can take preventive measures to see that these are not used as a means of exploit and increase user awareness regarding the use of information assets.
Up to date domain contact information is important not only for addressing administration issues but can also be used by security personnel on other networks to warn of pending attacks or active compromises. By not revealing essential information, more harm can be done.
OrgName: | Google Inc. | ||||
OrgID: | GOGL | ||||
Address: | 2400 E. Bayshore Parkway | ||||
City: | Mountain View | ||||
StateProv: | CA | ||||
Postal Code: | 94043 | ||||
Country: | US | ||||
Net Range: | 216.239.32.0 - 216.239.63.255 | ||||
CIDR: | 216.239.32.0/19 | ||||
Net Name: | GOOGLE | ||||
Net Handle: | NET-216-239-32-0-1 | ||||
Parent: | NET-216-0-0-0-0 | ||||
Net Type: | Direct Allocation | ||||
Name Server: | NS1.GOOGLE.COM | ||||
Name Server: | NS2.GOOGLE.COM | ||||
Name Server: | NS3.GOOGLE.COM | ||||
Name Server: | NS4.GOOGLE.COM | ||||
Comment: | |||||
Reg Date: | 2000-11-22 | ||||
Updated: | 2001-05-11 | ||||
Tech Handle: | ZG39-ARIN | ||||
Tech Name: | Google Inc. | ||||
Tech Phone: | +1-650-318-0200 | ||||
Tech Email: | |||||
Attack Methods | From the Nslookup query, an attacker can find name servers, mail exchange servers and also what class they belong to. The mail exchange servers can be further resolved into IP addresses. He can then enumerate the network further by doing a reverse IP lookup. | ||||
In this case, we look up 216.239.33.25 which is the IP of smtp1.google.com
The query gives the following result.
25.33.239.216.in-addr.arpa | PTR | smtp1.google.com |
33.239.216.in-addr.arpa | NS | ns1.google.com |
33.239.216.in-addr.arpa | NS | ns2.google.com |
33.239.216.in-addr.arpa | NS | ns3.google.com |
33.239.216.in-addr.arpa | NS | ns4.google.com |
ns1.google.com | A | 216.239.32.10 |
ns2.google.com | A | 216.239.34.10 |
ns3.google.com | A | 216.239.36.10 |
ns4.google.com | A | 216.239.38.10 |
0 comments:
Post a Comment