
Thread: Footprinting

  1. #1
    Senior Member
    Join Date
    Sep 2003
    Posts
    161

    Footprinting

    OK, this is my first tutorial or article, so here goes.
    Footprinting by ---- QOD (QOD@gawab.com)

    Planning and research might be the reason behind all successful and undetected attacks on computer networks. In this paper we will discuss some of the basic methods that a hacker is able to use to footprint your system. We will first discuss the definition of footprinting; secondly we will talk about how a hacker finds your IP address range. We will then discuss the ways that you could find open ports on a computer, then we will talk about the whois tool, and finally we will talk about the NSLookup tool. This paper is targeted at people with some basic knowledge of TCP/IP and computer networks.

    Footprinting is a technique that uses multiple tools. Most of these tools are available for free, and are used to find out as much about a target network as you possibly can. By using tools such as Whois, TraceRoute, NSLookup, and port scanning, you are able to create a profile of the target network. You are also able to find the IP address range, the servers on the network, where the firewalls are located, who the administrator of the network is, some of the telephone numbers that are important to the organization, open ports and which services are running on them, etc., things that you should not have known in the first place.

    You first need to know the address range of the target network, and be able to determine which addresses could be reached from your local computer. The first way to figure that out is to work it out from the IP address class (only if the target network is using the default subnet mask). For example, a target host that has an IP address of 200.15.1.3 would be a class C IP address and should have a subnet mask value of 255.255.255.0 by default, which would imply that the addresses from 200.15.1.0 to 200.15.1.255 are all valid addresses for the target network. If the defaults were changed, then you could use ping sweeps, in which you specify the beginning address and the end address to scan. For example, if we insert the values of 200.15.1.0 as the start address and 200.15.1.244 as the end address, it will show which computers could be reached, and the ones that are available on the network. There are tons of other ways to find the address range of a network, from manually pinging each IP you believe is on the network and analyzing the results, to downloading automatic pinging software to do it for you.

    Finding an open port would give you the first clue that the system is vulnerable and might be compromised. A port is a method of getting data into and out of a computer. We will be talking about software ports in this section. You should already know that there are some default ports, such as FTP on port 21, SMTP on 25, POP3 on 110, HTTP on 80, and telnet on 23. The best tool to do these scans is called Network Mapper (NMAP). You could use NMAP with the -sT switch to do the port scan. NMAP will not only tell you which ports are open, but it will also attempt to fingerprint (determine what OS and type of service is running) the target network.

    Traceroute basically does what its name implies. It traces the packet and records the route that it takes. It is usually used to detect network problems. In Windows the command is called "tracert", while on Linux based computers the command is called "traceroute". TraceRoute uses ICMP echo packets, just like ping. It uses the TTL (Time to Live) value in the TCP/IP packet header to determine when to drop the request; the default TTL value is dependent on your OS. This tool is important because it reveals the firewalls and routers in place on the target network, and it would also reveal their IP addresses. This tool is the grounds on which you could determine which OS is running on the target network (fingerprinting). You are able to know that because each OS has a different value for the TTL, and by examining that value you could determine which OS and version number is running.

    Whois is a database that contains registration records of all available domain names. It contains thorough information on each internet web site, including domain name, company name and its address, administrator name, administrator contact information, technical contact information, and when the name was registered. The Whois client is available by default on UNIX/Linux based systems, and must be downloaded for the Windows OS. Armed with this information a person could go to the yellow pages and find out more about the internet site.

    NSLookup allows you to query the DNS database from any computer on the network. This might also be used to find which computers are on the network and what their functions are in the network infrastructure. It is also used to display all current TCP/UDP connections, and to list the routing table, which is important to determine the activities the OS has been doing.

    You need to know your enemy to beat him; that is what they always said. By knowing this information you might be able to know what the common ways are that a person could footprint your internet website and your network and find information that he/she should never have known. By having a good footprinting strategy it will not only increase your chance of succeeding, but it will also increase your chance of going undetected.


    Please tell me how to improve it, and post any comments or email them to me.
    QOD (qod@gawab.com)

    thank you
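Worked example, added here and not part of QOD's post: the classful range calculation and the start/end ping sweep from the address-range paragraph above, in Python. `classful_prefix`, `default_range`, `sweep` and the constructed host set `CONSTRUCTED_LIVE_HOSTS` are names I chose for this illustration; the only real probe, `icmp_ping`, shells out to the system `ping` binary and assumes Linux-style `-c`/`-W` flags.

```python
import ipaddress
import subprocess
from typing import Callable, List, Optional


def classful_prefix(address: str) -> Optional[int]:
    """Default prefix length implied by the address class (pre-CIDR rules):
    class A (first octet 1-126) -> /8, class B (128-191) -> /16,
    class C (192-223) -> /24.  Class D/E and the loopback block have no
    host range in this sense, so None is returned for them."""
    first_octet = ipaddress.IPv4Address(address).packed[0]
    if 1 <= first_octet <= 126:
        return 8
    if 128 <= first_octet <= 191:
        return 16
    if 192 <= first_octet <= 223:
        return 24
    return None


def default_range(address: str) -> Optional[ipaddress.IPv4Network]:
    """The range the post derives from the class, e.g. 200.15.1.3 -> 200.15.1.0/24.
    Only meaningful if the target really uses the default mask; a CIDR-allocated
    network will be larger or smaller than this guess."""
    prefix = classful_prefix(address)
    if prefix is None:
        return None
    return ipaddress.ip_network(f"{address}/{prefix}", strict=False)


def sweep(start: str, end: str, is_alive: Callable[[str], bool]) -> List[str]:
    """Probe every address from start to end inclusive and return the ones
    that answered.  The probe is injected so the sweep can run offline."""
    lo = int(ipaddress.IPv4Address(start))
    hi = int(ipaddress.IPv4Address(end))
    if lo > hi:
        raise ValueError("start address is above end address")
    alive: List[str] = []
    for n in range(lo, hi + 1):
        candidate = str(ipaddress.IPv4Address(n))
        if is_alive(candidate):
            alive.append(candidate)
    return alive


def icmp_ping(address: str, timeout_s: int = 1) -> bool:
    """Real probe: one ICMP echo via the system ping binary (Linux flags assumed).
    A host that filters ICMP looks dead here, so a negative result proves nothing."""
    try:
        result = subprocess.run(
            ["ping", "-c", "1", "-W", str(timeout_s), address],
            stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL,
            timeout=timeout_s + 2, check=False)
    except (OSError, subprocess.TimeoutExpired):
        return False
    return result.returncode == 0


# Constructed answer set standing in for a real network, so the demo runs offline.
CONSTRUCTED_LIVE_HOSTS = {"200.15.1.1", "200.15.1.3", "200.15.1.200"}


def constructed_ping(address: str) -> bool:
    """Offline stand-in for icmp_ping; swap in icmp_ping for a real sweep."""
    return address in CONSTRUCTED_LIVE_HOSTS


if __name__ == "__main__":
    net = default_range("200.15.1.3")
    print(f"classful range for 200.15.1.3: {net} ({net.num_addresses} addresses)")
    print("alive in 200.15.1.0-200.15.1.244:",
          sweep("200.15.1.0", "200.15.1.244", constructed_ping))
```

To run it against a real range, pass `icmp_ping` to `sweep` instead of `constructed_ping`; the sweep is sequential and one probe per host, so it is slow and noisy, which is exactly why sweeps are easy to spot in firewall logs.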

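A second added example, mine rather than QOD's: the TTL trick from the traceroute paragraph above, in Python, plus a parser for traceroute output so the hop distance inferred from the TTL can be cross-checked against the hops traceroute actually reported. The table holds the well-known initial TTL values (64 for Linux/BSD/macOS, 128 for Windows, 255 for many routers and Solaris, 32 for Windows 9x); an administrator can change them, so the result is a hint, not proof. `SAMPLE_TRACEROUTE` is constructed, in Linux traceroute format, and the function names are my own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Well-known initial TTLs, ascending, so the first value >= the observed TTL
# is the best guess.  Assumption: the target did not change its default.
DEFAULT_TTLS = [
    (32, "Windows 9x"),
    (64, "Linux/BSD/macOS"),
    (128, "Windows"),
    (255, "Solaris/network equipment"),
]


def guess_origin(observed_ttl: int) -> dict:
    """Infer initial TTL, OS family and the number of routers the packet
    crossed from the TTL seen in a reply (e.g. a ping or SYN/ACK)."""
    if not 1 <= observed_ttl <= 255:
        raise ValueError("TTL must be between 1 and 255")
    for initial, family in DEFAULT_TTLS:
        if observed_ttl <= initial:
            return {"initial_ttl": initial,
                    "hops": initial - observed_ttl,   # routers that decremented it
                    "family": family}
    raise AssertionError("unreachable: 255 covers every valid TTL")


@dataclass
class Hop:
    number: int
    address: Optional[str]      # None when every probe timed out ("* * *")
    rtts_ms: List[float]


HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")
ADDR_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
RTT_RE = re.compile(r"([\d.]+)\s*ms")


def parse_traceroute(text: str) -> List[Hop]:
    """Parse Linux traceroute (and, with the same regexes, Windows tracert)
    output into Hop records.  Header lines do not start with a hop number
    and are skipped."""
    hops: List[Hop] = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue
        number, rest = int(m.group(1)), m.group(2)
        addr = ADDR_RE.search(rest)
        rtts = [float(x) for x in RTT_RE.findall(rest)]
        hops.append(Hop(number, addr.group(1) if addr else None, rtts))
    return hops


def silent_hops(hops: List[Hop]) -> List[int]:
    """Hop numbers that answered no probe: typically a router or firewall
    that drops or rate-limits ICMP time-exceeded replies."""
    return [h.number for h in hops if h.address is None]


def ttl_consistent_with_path(observed_ttl: int, traceroute_text: str) -> bool:
    """If the target is hop N, a reply from it crosses N-1 routers, so on a
    symmetric path initial - observed should equal N - 1.  A mismatch means
    the TTL guess picked the wrong default, or the return path differs."""
    hops = parse_traceroute(traceroute_text)
    if not hops:
        return False
    return guess_origin(observed_ttl)["hops"] == len(hops) - 1


# Constructed traceroute output (not a real capture); hop 3 is a silent device.
SAMPLE_TRACEROUTE = """\
traceroute to 200.15.1.3 (200.15.1.3), 30 hops max, 60 byte packets
 1  192.168.1.1 (192.168.1.1)  0.412 ms  0.389 ms  0.371 ms
 2  10.20.0.1 (10.20.0.1)  8.102 ms  8.090 ms  8.077 ms
 3  * * *
 4  200.15.1.3 (200.15.1.3)  31.214 ms  31.190 ms  31.170 ms
"""

if __name__ == "__main__":
    print(guess_origin(125))                    # 128 - 125 = 3 routers, Windows
    for hop in parse_traceroute(SAMPLE_TRACEROUTE):
        print(hop)
    print("silent hops:", silent_hops(parse_traceroute(SAMPLE_TRACEROUTE)))
    print("TTL 125 agrees with path:", ttl_consistent_with_path(125, SAMPLE_TRACEROUTE))
```

The silent hop is the interesting one from a footprinting point of view: a device that forwards traffic but will not answer is usually a firewall or a router with ICMP filtered, which is the sort of thing the paragraph says traceroute reveals.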
  2. #2
    Senior Member n01100110
    Join Date
    Jan 2002
    Posts
    352
    Good Good... I think it was definitely a first good tutorial for you.. You pretty much went into detail with everything.. But don't forget next time to include maybe some nmap options on how information about a system can be obtained from nmap.. (www.insecure.org/nmap) And how to prevent your machines from ping sweeps and ICMP_echo packets that sort of thing...
    Good though ! off to a start for a book
    "Serenity is not the absence of conflict, but the ability to cope with it."
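Added example (mine, not QOD's and not nmap's code): the TCP connect scan that `nmap -sT` performs, which the reply above asks for more detail on, in Python, with a banner grab as the simplest form of service fingerprinting. To keep it runnable offline it scans a constructed listener on 127.0.0.1 rather than a remote host; `ConstructedService`, `WELL_KNOWN_PORTS` and `free_closed_port` are names I chose for the illustration.

```python
import socket
import threading
from typing import Dict, Iterable

# The default ports the post lists, used to label what the scan finds.
# nmap uses its own nmap-services table; this short map is enough here.
WELL_KNOWN_PORTS = {21: "ftp", 22: "ssh", 23: "telnet", 25: "smtp",
                    53: "domain", 80: "http", 110: "pop3", 443: "https"}


def connect_scan(host: str, ports: Iterable[int], timeout: float = 0.5) -> Dict[int, str]:
    """Full TCP connect() scan, the same thing nmap -sT does: a port is open
    if the three-way handshake completes.  Needs no privileges, but every
    probe is a complete connection that the target's service can log."""
    found: Dict[int, str] = {}
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            # connect_ex returns 0 on success and an errno (ECONNREFUSED etc.)
            # instead of raising, which keeps the loop simple.
            if s.connect_ex((host, port)) == 0:
                found[port] = WELL_KNOWN_PORTS.get(port, "unknown")
    return found


def grab_banner(host: str, port: int, timeout: float = 1.0) -> str:
    """Read whatever the service volunteers on connect (FTP, SMTP and SSH
    greet first); the greeting usually names the software and version."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            return s.recv(256).decode(errors="replace").strip()
        except socket.timeout:
            return ""


class ConstructedService:
    """Throwaway listener on 127.0.0.1 that greets with a fixed banner so the
    scanner can be exercised offline.  Not a real service."""

    def __init__(self, banner: bytes):
        self.banner = banner
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self.sock.bind(("127.0.0.1", 0))      # port 0: let the OS pick a free one
        self.sock.listen(5)
        self.sock.settimeout(0.2)
        self.port = self.sock.getsockname()[1]
        self._stop = False
        self._thread = threading.Thread(target=self._serve, daemon=True)
        self._thread.start()

    def _serve(self) -> None:
        while not self._stop:
            try:
                conn, _ = self.sock.accept()
            except socket.timeout:
                continue
            with conn:
                try:
                    conn.sendall(self.banner)
                except OSError:
                    pass    # the scanner hung up straight after connecting

    def close(self) -> None:
        self._stop = True
        self._thread.join()
        self.sock.close()


def free_closed_port() -> int:
    """Reserve and release a port so we have one that is (almost certainly)
    closed, to show a refused connection next to the open one."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    svc = ConstructedService(b"220 ftp.example.test FTP server ready\r\n")
    try:
        print(connect_scan("127.0.0.1", [svc.port, free_closed_port()]))
        print(grab_banner("127.0.0.1", svc.port))
    finally:
        svc.close()
```

A SYN (half-open) scan, nmap's default when run as root, would send only the SYN and never complete the handshake; that needs raw sockets, which is why `-sT` is the one an unprivileged user can run and also the one most likely to show up in the target's logs.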

  3. #3
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    qod: Small typo that makes a big difference.....

    POP3 on 101
    Should read:

    POP3 on 110

    Nice start though....
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  4. #4
    Senior Member
    Join Date
    Sep 2003
    Posts
    161
    Sorry about the typo, but I just corrected it.

  5. #5
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785
    Stating what things are is not (IMO) a tutorial. It's an introduction. You should give examples of using the apps you mentioned.

    But for making the effort and writing it yourself you get an 'A'.

    aahhh!
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  6. #6
    Junior Member
    Join Date
    Aug 2002
    Posts
    24
    Nice tutorial, I know what footprinting is now.
    What about countermeasures on the victim side? Is this question relevant to your tut?
    thanks

  7. #7
    That was very informative. I hope to find it useful in my work area.

  8. #8
    Senior Member nihil
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Very nice post!

    You asked for suggestions..........well, apart from developing your topic try this:


    You need to know your enemy to beat him; that is what they always said. By knowing this information you might be able to know what the common ways are that a person could footprint your internet website and your network and find information that he/she should never have known. By having a good footprinting strategy it will not only increase your chance of succeeding, but it will also increase your chance of going undetected.
    In the second (?) century before Christ, Sun Tzu, the Chinese philosopher/General, wrote:

    "If I know nothing about myself, and nothing about my enemy, I will surely lose. If I know everything about myself, and nothing about my enemy, my chances of winning are even. If I know everything about myself, and everything about my enemy, I shall surely prevail"

    I thought you might like that one

    Again, good post, keep 'em coming.

    Cheers

  9. #9
    Senior Member
    Join Date
    Sep 2003
    Posts
    161
    nihil, I will be sure to add it.

  10. #10
    Junior Member
    Join Date
    Nov 2003
    Posts
    14
    nihil, The Art of War is one of my favorite books!! And I suggest everyone take a look at it. It will surely give you a new outlook on how you perceive network security (if you apply it in that manner).

    Cheers
