FootPrinting - PSU


FootPrinting
CS391
Overview
• What is footprinting?
• Main steps of footprinting.
What is Footprinting?
• Create a complete profile of an organization’s security posture using a set of tools and techniques.
• The profile usually includes detailed information about IP addresses and blocks, range of domain names, remote access, intranet structure, systems connected to the Internet, etc.
Main Steps
• Usually, the process involves six steps:
  • Determine scope of activities.
  • Get proper authorization.
  • Collect publicly available information.
  • WHOIS and DNS enumeration.
  • DNS interrogation.
  • Network reconnaissance.
Determine Scope of Activities
• Organization networks are usually very large. One focuses only on sub-targets.
Get Proper Authorization
• Try to gain access to the system using a proper account.
Publicly Available Information
• Company websites and pages.
• Physical location.
• Related organizations.
• Privacy, security policies adopted.
• Disgruntled employees.
Where can I find the required information?
ICANN Structure
Google Information
Nesma Information
WHOIS and DNS Enumeration
• Internet domain names.
• IP address numbers.
• Protocol parameters and port numbers.
DNS Interrogation:
• Many people use nslookup for this purpose:
nslookup
Types of Queries

Type A
A simple query for the IP address corresponding to a DNS name.

Type CNAME
A given host can have several DNS names. One of these is the canonical or reference name.

Type MX
A mail exchanger query, to discover the real name of the corresponding mail server.

Type HINFO
An HINFO query. This is only useful if the DNS domain administrator has bothered to create the relevant records and keep them up to date.
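
Added example (not part of the original slides): what each of the four query types above returns, answered offline from a small constructed zone, so an administrator can see what their own records tell any querier. The zone contents, the simplified one-line record format, and the names parse_zone, query and hinfo_published are assumptions made for this illustration.

```python
import shlex

# Constructed sample zone (documentation addresses, not real data).
ZONE = """\
example.com.        IN A     192.0.2.10
www.example.com.    IN CNAME web01.example.com.
web01.example.com.  IN A     192.0.2.20
example.com.        IN MX    20 backup-mx.example.com.
example.com.        IN MX    10 mail.example.com.
mail.example.com.   IN A     192.0.2.25
web01.example.com.  IN HINFO "Intel Xeon" "Linux 5.x"
"""

def parse_zone(text):
    """Return (owner, type, rdata fields) for each one-line 'owner IN type rdata' record."""
    records = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith(";"):
            continue                          # skip blanks and comment lines
        owner, _cls, rtype, *rdata = shlex.split(line)   # keeps quoted HINFO strings whole
        records.append((owner.lower(), rtype.upper(), rdata))
    return records

def query(records, name, qtype):
    """Answer one query; for types other than CNAME, follow aliases to the canonical name."""
    name, seen = name.lower(), set()
    while True:
        hits = [r for o, t, r in records if o == name and t == qtype]
        alias = [r[0].lower() for o, t, r in records if o == name and t == "CNAME"]
        if hits or qtype == "CNAME" or not alias or name in seen:
            break
        seen.add(name)                        # guards against CNAME loops
        name = alias[0]
    if qtype == "MX":
        hits.sort(key=lambda r: int(r[0]))    # lowest preference value is tried first
    return name, [" ".join(r) for r in hits]

def hinfo_published(records):
    """Owner names whose HINFO record tells any querier the host's CPU and OS."""
    return sorted({o for o, t, _ in records if t == "HINFO"})

if __name__ == "__main__":
    recs = parse_zone(ZONE)
    for n, t in [("example.com.", "A"), ("www.example.com.", "CNAME"),
                 ("www.example.com.", "A"), ("example.com.", "MX")]:
        print(t, n, "->", query(recs, n, t))
    print("HINFO published for:", hinfo_published(recs))
```

Any name listed by hinfo_published is a candidate for removing the HINFO record from the public zone.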
Network Reconnaissance
• Traceroute is the tool.
Superscan:
Superscan
Enumerate