-
October 20th, 2003, 04:43 PM
#1
Senior Member
Footprinting
OK, this is my first tutorial, or article, so here goes.
Footprinting by ---- QOD (QOD@gawab.com)
Planning and research might be the reason behind all successful and undetected attacks on computer networks. In this paper we will discuss some of the basic methods by which a hacker is able to footprint your system. We will first discuss the definition of footprinting; secondly we will talk about how a hacker finds your IP address range. We will then discuss the ways that you could find open ports on a computer, then we will talk about the whois tool, and finally we will talk about the NSLookup tool. This paper is targeted at people with some basic knowledge of TCP/IP and computer networks.
Footprinting is a technique that uses multiple tools. Most of these tools are available free, and are used to find out as much about a target network as you possibly can. By using tools such as Whois, TraceRoute, NSLookup, and port scanning, you are able to create a profile of the target network. You are also able to find the IP address range, the servers on the network, where the firewalls are located, who the administrator of the network is, some of the telephone numbers that are important to the organization, open ports and which services are running on them, etc… things that you should not have known in the first place.
You first need to know the address range of the target network, and be able to determine which addresses could be reached from your local computer. The first way to figure that out is to find it out from the IP address class (only if the target network is using the default subnet mask). For example, a target host that has an IP address of 200.15.1.3 would be a class C IP address and should have a subnet mask value of 255.255.255.0 by default, which would imply that the addresses from 200.15.1.0 to 200.15.1.255 are all valid addresses for the target network. If the defaults were changed, then you could use ping sweeps in which you specify the beginning address and the end address to scan. For example, if we insert the value 200.15.1.0 as the start address and 200.15.1.244 as the end address, it will show which computers could be reached, and the ones that are available on the network. There are tons of other ways to find the address range of a network, from manually pinging each IP you believe is on the network and analyzing the results, to downloading automatic pinging software to do it for you.
Finding an open port would give you the first clue that the system is vulnerable and might be compromised. A port is a method of getting data into and out of a computer. We will be talking about software ports in this section. You should already know that there are some default ports such as FTP on port 21, SMTP on 25, POP3 on 110, HTTP on 80, and telnet on 23. The best tool to do these scans is called Network Mapper (NMAP). You could use NMAP with the -sT switch to do the port scan. NMAP will not only tell you which ports are open but it will also attempt to fingerprint the target network (determine what OS and type of service is running).
Traceroute basically does what its name implies. It traces the packet and records the route that it takes. It is usually used to detect network problems. In Windows the command is called "TracerT" while in LINUX based computers the command is called "TraceRoute". TraceRoute uses the ICMP echo_packets, just like ping. It uses the TTL (Time to Live) value in the TCP/IP packet header to determine when to drop the request; the default TTL number is dependent on your OS. This tool is important because it reveals the firewalls and routers in place on the target network, and it would also reveal their IP addresses. This tool is the grounds on which you could determine which OS is running on the target network (fingerprinting). You are able to know that because each OS has a different value for the TTL, and by examining that value you could determine which OS and version number is running.
Whois is a database that contains registration records of all available domain names. It contains thorough information on each internet web site, including domain name, company name and its address, administrator name, administrator contact information, technical contact information, and when the name was registered. The Whois client is available by default on UNIX/LINUX based systems, and must be downloaded for the Windows OS. Armed with this information a person could go to the yellow pages and find out more about the internet site.
NSLookup allows you to query the DNS database from any computer on the network. This might also be used to find which computers are on the network and what their functions are in the network infrastructure. It is also used to display all current TCP/UDP connections, and to list the routing table, which are important to determine the activities the OS has been doing.
You need to know your enemy to beat him; that is what they always said. By knowing this information you might be able to know what the common ways are that a person could footprint your internet website and your network and find information that he/she should never have known. Having a good footprinting strategy will not only increase your chance of succeeding but it will also increase your chance of going undetected.
Please tell me how to improve it, and post any comments or email them to me.
QOD (qod@gawab.com)
thank you
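An added example, not part of QOD's post or of nmap itself: the ping sweep and -sT style port scan described above, seen from the target's side as detection logic run over constructed iptables-style firewall LOG lines. The addresses, log lines and thresholds are all made up for the example.

```python
from collections import defaultdict

# Constructed iptables-style LOG lines (not real traffic): 198.51.100.7 pings
# five hosts in a row, 198.51.100.20 sends SYNs to the five default ports
# named in the post on one host, and 192.0.2.9 is a single benign visitor.
SAMPLE_LOG = """\
IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.1 TTL=52 PROTO=ICMP TYPE=8 CODE=0
IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.2 TTL=52 PROTO=ICMP TYPE=8 CODE=0
IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.3 TTL=52 PROTO=ICMP TYPE=8 CODE=0
IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.4 TTL=52 PROTO=ICMP TYPE=8 CODE=0
IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.5 TTL=52 PROTO=ICMP TYPE=8 CODE=0
IN=eth0 OUT= SRC=192.0.2.9 DST=203.0.113.10 TTL=118 PROTO=ICMP TYPE=8 CODE=0
IN=eth0 OUT= SRC=198.51.100.20 DST=203.0.113.10 TTL=52 PROTO=TCP SPT=40001 DPT=21 SYN URGP=0
IN=eth0 OUT= SRC=198.51.100.20 DST=203.0.113.10 TTL=52 PROTO=TCP SPT=40002 DPT=23 SYN URGP=0
IN=eth0 OUT= SRC=198.51.100.20 DST=203.0.113.10 TTL=52 PROTO=TCP SPT=40003 DPT=25 SYN URGP=0
IN=eth0 OUT= SRC=198.51.100.20 DST=203.0.113.10 TTL=52 PROTO=TCP SPT=40004 DPT=80 SYN URGP=0
IN=eth0 OUT= SRC=198.51.100.20 DST=203.0.113.10 TTL=52 PROTO=TCP SPT=40005 DPT=110 SYN URGP=0
IN=eth0 OUT= SRC=192.0.2.9 DST=203.0.113.10 TTL=118 PROTO=TCP SPT=50123 DPT=80 SYN URGP=0
"""

def parse_line(line):
    # KEY=VALUE tokens become dict entries; bare tokens such as SYN are TCP flags.
    fields = {"flags": set()}
    for tok in line.split():
        if "=" in tok:
            key, value = tok.split("=", 1)
            fields[key] = value
        else:
            fields["flags"].add(tok)
    return fields

def detect_sweeps(log_text, host_threshold=5, port_threshold=5):
    # A ping sweep: one source sending ICMP echo requests (TYPE=8) to many hosts.
    # A port scan: one source sending TCP SYNs to many ports on one host.
    pinged = defaultdict(set)   # src -> hosts that received an echo request
    probed = defaultdict(set)   # (src, dst) -> TCP ports that received a SYN
    for line in log_text.splitlines():
        f = parse_line(line)
        if "SRC" not in f or "DST" not in f:
            continue
        if f.get("PROTO") == "ICMP" and f.get("TYPE") == "8":
            pinged[f["SRC"]].add(f["DST"])
        elif f.get("PROTO") == "TCP" and "DPT" in f and "SYN" in f["flags"]:
            probed[(f["SRC"], f["DST"])].add(int(f["DPT"]))
    findings = []
    for src, hosts in pinged.items():
        if len(hosts) >= host_threshold:
            findings.append(("ping_sweep", src, len(hosts)))
    for (src, dst), ports in probed.items():
        if len(ports) >= port_threshold:
            findings.append(("port_scan", src, dst, sorted(ports)))
    return findings
```

Running `detect_sweeps(SAMPLE_LOG)` flags the two noisy sources and ignores the single benign visitor; on a real firewall the thresholds would be tuned to the window of log you feed in.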
-
October 20th, 2003, 04:52 PM
#2
Good Good... I think it was definitely a good first tutorial for you.. You pretty much went into detail with everything.. But don't forget next time to include maybe some nmap options on how information about a system can be obtained from nmap.. (www.insecure.org/nmap) And how to prevent your machines from ping sweeps and ICMP_echo packets, that sort of thing...
Good though! Off to a start for a book.
"Serenity is not the absence of conflict, but the ability to cope with it."
-
October 20th, 2003, 05:01 PM
#3
qod: Small typo that makes a big difference.....
Should read:
POP3 on 110
Nice start though....
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
-
October 20th, 2003, 05:02 PM
#4
Senior Member
Sorry about the typo, but I just corrected it.
-
October 20th, 2003, 05:58 PM
#5
Stating what things are is not (IMO) a tutorial. It's an introduction. You should give examples of using the apps you mentioned.
But for making the effort and writing it yourself you get an 'A'.
aahhh!
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
-
October 20th, 2003, 06:04 PM
#6
Junior Member
Nice tutorial, I know what footprinting is now.
What about countermeasures on the victim side; is this question relevant to your tut?
thanks
-
October 20th, 2003, 09:15 PM
#7
Member
That was very informative. I hope to find it useful in my work area.
-
October 20th, 2003, 10:56 PM
#8
Very nice post!
You asked for suggestions..........well, apart from developing your topic try this:
You need to know your enemy to beat him; that is what they always said. By knowing this information you might be able to know what the common ways are that a person could footprint your internet website and your network and find information that he/she should never have known. Having a good footprinting strategy will not only increase your chance of succeeding but it will also increase your chance of going undetected.
In the second (?) century before Christ, Sun Tzu, the Chinese philosopher/general, wrote:
"If I know nothing about myself, and nothing about my enemy, I will surely lose. If I know everything about myself, and nothing about my enemy, my chances of winning are even. If I know everything about myself, and everything about my enemy, I shall surely prevail"
I thought you might like that one
Again, good post, keep 'em coming.
Cheers
-
October 21st, 2003, 09:13 PM
#9
Senior Member
nihil, I will be sure to add it.
-
November 16th, 2003, 12:58 AM
#10
Junior Member
nihil, The Art of War is one of my favorite books!! And I suggest everyone take a look at it. It will surely give you a new outlook on how you perceive network security (if you apply it in that manner).
Cheers