Footprinting
The systematic and methodical footprinting of an
organization to establish a profile of its security systems.
Passive reconnaissance
Target Location
• www.keyhole.com
• Earth.google.com
• terraserver.microsoft.com
• www.multimap.com
• www.mapquest.com
Contact Details
• www.phonenumber.com
• www.411.com
• www.yellowpages.com
• www.yell.co.uk
• www.whitepages.com
• www.crimetime.com
• www.peoplesearch.com
Current Events
• Mergers, scandals, layoffs, rapid hiring, outsourcing etc.
Can lead to weaknesses in security, information leaks and low morale amongst staff
www.sec.org
Archived Information
• www.thememoryhole.org
• www.archive.org
• Google’s archive
Accessing Information
• Dumpster Diving
• Social Engineering
• Saving websites offline
Disgruntled Employees
• www.f**kedcompany.com
• www.internalmemo.com
“link:www.company.com”
http://www.anvari.org/links/Tech_News/http---wwwfuckedcompany-com-.html
Search Engines
• www.google.com
• www.dogpile.com
• www.search.yahoo.co.uk
• www.altavista.com
• Johnny.ihackstuff.com
• Site digger www.foundstone.com
• Wikto www.sensepost.com/research/wikto
Search for “pix firewall config help”
Public Registers
Exercise:
Find out and make a list of the public
registers for America, Europe, Africa,
Middle East
• www.aso.icann.org.rirs/index.html
Who Is
• www.dnsstuff.com
• www.whois.iana.org
• www.verisign-grs.com
• www.markmonitor.com
• www.allwhois.com
• www.uwhois.com
• www.internic.net/whois.html
• www.arin.net
GUI Search Tools
• www.samspade.org Sam Spade
• www.foundstone.com Superscan
• www.nwpsw.com Netscan
• www.ipswitch.com
• www.geektools.com GTWhois
• www.tamos.com Smart whois
DNS interrogation
• Nslookup
• Traceroute
• PathPing
• Whois
• Tcptraceroute http://michael.toren.net/code/tcptraceroute
• Cain & Abel www.oxid.it
• www.dnsstuff.com
• www.zoneedit.com/lookup.html
Exercise: Find out how to perform a zone transfer to a text
file in Windows
Network Information
• IP Address range/Subnet mask
• Server Names
• Router addresses
• Firewalls
Exercise: download a trial of Neo Trace
and/or Visual Route
Countermeasures
• Restrict information in the public domain
• Restricted whois database information
• Investigate what others can find out about
you
• Filter/monitor traffic on your network
Countermeasures
• Install NIDS www.Snort.org
• Limit ICMP and UDP packets
• Rotorouter www.ussrback.com
• Visual Lookout Visual route
• E-mail tracker pro
Exercise
• Footprint a local Organisation in teams of
two
• Do not scan or attempt to gain access!
• Produce a presentation on the information
you gained and how you got the
information