
1 Footprinting
Richard Newman

“If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.” - Sun Tzu

2 What is Footprinting?
Determining the profile of potential targets:
- Domain names (external and internal)
- IP addresses and subnets (address blocks and specific hosts)
- Services
- System architecture
- Access control list (ACL) information
- Intrusion Detection Systems (IDSs)
- Protocols used
- Phone numbers and number blocks
- Authentication mechanisms
- VPNs and remote access protocols
- Personnel names, usernames, email addresses

3 Why Footprinting?
- Publicly available information
  – Hard to prevent all of it from being available
  – Many legitimate searches mask recon efforts
- Obtain a list of potential targets
- Obtain information for social engineering attacks
  – Spear phishing
  – Tech help calls
- Determine relationships with other entities

4 Internet Footprinting
1. Determine scope
   – Be thorough and systematic
2. Get proper authorization
   – Written, from the right person(s), detailing what is allowed
3. Public information
   – Related organizations, personnel, current events, policies, etc.
4. Whois and DNS
   – Admin info, domain/subdomain names, IP addresses
5. DNS interrogation
   – Mapping host names to IP addresses, internal IP addresses, etc.
6. Network reconnaissance
   – Network topology, access paths

5 Public Information - 1
Popularity = 9, Simplicity = 9, Impact = 2 => Risk = 7 (risk is the rounded average of the three)
1. Company web pages
   – Include other likely hostnames (www1, web, test, etc.)
   – Review the HTML source; best done off-line from a mirror
     – Wget (GNU) on Unix/Linux; Teleport Pro (Tenmax) on Windows
   – DirBuster (OWASP) for hidden files and directories
   – Remote access (Outlook Web Access, WebConnect, ...)
   – VPNs: get vendor, version number, assistance contact info
2. Related organizations
   – Outsourced web development, e.g.
   – Aggregated data
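Added example (not part of the slides): once a site has been mirrored with Wget or Teleport Pro, the HTML source review above can be done mechanically. The Python below pulls the leads the slide cares about out of a page: hostnames named in links, forms and script/image sources (the "other likely suspects"), email addresses from mailto links and text, developer comments, and the CMS vendor/version from a generator meta tag. SAMPLE_HTML is a constructed page; every example.com host, address and person in it is made up, and the short TLD list in HOST_RE is an assumption for the demo.

```python
"""Mine mirrored HTML source for footprinting leads.

Added example, not from the slides. SAMPLE_HTML is a constructed page; every
example.com host, address and person in it is made up, and the TLD list in
HOST_RE is a deliberately short assumption for the demo.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Bare hostnames in text/comments; TLD list kept short on purpose (assumption).
HOST_RE = re.compile(r"\b(?:[a-z0-9-]+\.)+(?:com|net|org|edu|gov|io)\b", re.I)


class LeadHarvester(HTMLParser):
    """Collect hosts, emails, comments and generator/version strings from a page."""

    def __init__(self):
        super().__init__()
        self.hosts, self.emails, self.generators = set(), set(), set()
        self.comments = []

    def handle_starttag(self, tag, attrs):
        a = {k: v for k, v in attrs if v is not None}
        for key in ("href", "src", "action"):   # anything that names another host
            if key in a:
                self._note_url(a[key])
        if tag == "meta" and a.get("name", "").lower() == "generator" and "content" in a:
            self.generators.add(a["content"])  # CMS vendor + version, as on the slide

    def handle_comment(self, data):
        text = " ".join(data.split())          # developer notes often leak internals
        self.comments.append(text)
        self._scan_text(text)

    def handle_data(self, data):
        self._scan_text(data)

    def _note_url(self, url):
        if url.lower().startswith("mailto:"):
            self.emails.add(url[7:].split("?", 1)[0].lower())
            return
        host = urlparse(url).hostname          # relative URLs have no host -> skipped
        if host:
            self.hosts.add(host.lower())

    def _scan_text(self, text):
        self.emails.update(m.lower() for m in EMAIL_RE.findall(text))
        rest = EMAIL_RE.sub(" ", text)         # do not count email domains as hosts
        self.hosts.update(h.lower() for h in HOST_RE.findall(rest))
        self.hosts.update(IPV4_RE.findall(rest))


def harvest(html):
    """Return sorted leads found in one HTML document."""
    p = LeadHarvester()
    p.feed(html)
    p.close()
    return {
        "hosts": sorted(p.hosts),
        "emails": sorted(p.emails),
        "comments": p.comments,
        "generators": sorted(p.generators),
    }


# Constructed sample page standing in for one file of a Wget mirror.
SAMPLE_HTML = """<!DOCTYPE html>
<html><head>
<meta name="generator" content="WordPress 4.9.8">
<title>Acme Corp</title>
<link rel="stylesheet" href="https://cdn.example.com/site.css">
</head><body>
<!-- TODO(jsmith): remove before launch; staging is at http://test.example.com:8080/ -->
<a href="https://www1.example.com/portal">Customer portal</a>
<a href="https://owa.example.com/owa/">Webmail</a>
<a href="mailto:Helpdesk@example.com?subject=help">IT Help</a>
<form action="/login"><input name="user"></form>
<p>Contact: a.jones@example.com or call +1 555 0100</p>
<!-- backup dump on 10.0.12.7 via vpn.example.com -->
</body></html>"""

if __name__ == "__main__":
    for key, values in harvest(SAMPLE_HTML).items():
        print(f"{key}: {values}")
```

Run it over every file of the mirror and merge the sets; the hostnames feed the DNS and network steps later in the procedure, the email local parts reveal the username convention, and comments like the staging URL above are exactly the "hidden" material DirBuster would otherwise have to guess.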

6 Public Information - 2
3. Location info
   – Physical access
   – Social engineering hints
   – Wireless networks: MAC addresses collected by Google Street View cars (shodanhq.com/research/geomac)
   – Dumpster diving
4. Employee info
   – One username -> better guesses at other usernames
   – Phone number -> physical address
   – Personal info (social media, blackbookonline.info, etc.)
   – Employee directories (paid service)
   – Resumes (monster.com, etc.) and job postings (more details)
   – Disgruntled employees

7 Public Information - 3
5. Current events
   – Company-provided info
   – Trade rags, bulletin boards, etc.
   – SEC filings for publicly traded companies (EDGAR database at sec.gov)
   – Times of change (mergers, acquisitions, etc.) open holes
   – Times of plenty (rapid growth: mundane stuff lags)
6. Archived info
   – WayBack Machine (archive.org)
   – Cached Google (etc.) pages
   – The live page may have been changed to remove revealing info; the archive still has the old version
7. Search engines and data relationships
   – Special searches for remote access, misconfiguration, etc.
   – Google Hacking Database (hackersforcharity.org)
   – Athena 2.0 (snakeoillabs.com), SiteDigger 2.0 (foundstone.com)
   – Metadata search (FOCA, informatica64.com/foca)
   – SHODAN (shodanhq.com)

8 Public Information - 4
Countermeasures
- Think carefully about what you must reveal and what you need not
- Educate employees
- Monitor related organizations
See RFC 2196, Site Security Handbook (faqs.org/rfcs/rfc2196.html)

9 Whois and DNS Enum - 1
Popularity = 9, Simplicity = 9, Impact = 3 => Risk = 7
1. ICANN/IANA
   – ASO: Address Supporting Organization
   – GNSO: Generic Names Supporting Organization
   – ccNSO: Country Code Names Supporting Organization
2. IANA allocates IP address blocks to the Regional Internet Registries (global address policy is coordinated through the ASO)
   – APNIC
   – ARIN
   – LACNIC
   – RIPE NCC
   – AfriNIC

10 Whois and DNS Enum - 2
3. Domain-related searches
   – Registry, registrar, registrant (the registry's record names the registrar; the registrar's record holds the registrant details)
   – whois.iana.org, www.uwhois.com, internic.net/whois.html, etc.
   – SuperScan, NetScan Tools
4. IP-related searches
   – Query any RIR (e.g. ARIN); if the block belongs to another RIR the response refers you to it, and that RIR returns the netblock and its contacts
Countermeasures
- Pseudonym for the admin contact (see “LA Confidential”)
- Phone number outside the company's block (maybe an 800 number)
- Pay extra for private (proxy) WHOIS registration
- Require good authentication for registration updates (domain hijacking prevention)
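Added example (not code from the slides): the registry -> registrar -> registrant chain of slide 10 and the RIR hand-off of slides 9 and 10 are both just whois responses that name the next server to ask. The Python below implements a raw whois query (TCP port 43, query plus CRLF, read to EOF) and a referral-following loop that recognises ARIN's `ReferralServer:`, IANA's `refer:` and the `Registrar WHOIS Server:` line of Verisign-style registries. The responses in CONSTRUCTED are made up and abbreviated so the demo runs offline; whois.registrar.example and the 192.0.2.0/24 block (a documentation range) are assumptions, while the other server names are the real public ones.

```python
"""Follow the whois referral chain: registry -> registrar (domain) or RIR -> RIR (address).

Added example, not code from the slides. Responses in CONSTRUCTED are made up and
abbreviated; whois.registrar.example and 192.0.2.0/24 are assumptions for the demo.
"""
import re
import socket

# Response keys that name the next server to ask (ARIN, IANA and Verisign-style registries).
REFERRAL_KEYS = ("referralserver", "refer", "registrar whois server", "whois server")
SERVER_RE = re.compile(r"^(?:whois://)?(?P<host>[a-z0-9.-]+\.[a-z]{2,})(?::(?P<port>\d+))?", re.I)


def whois_query(query, server, port=43, timeout=10):
    """One raw whois exchange (RFC 3912): send the query plus CRLF, read until EOF."""
    with socket.create_connection((server, port), timeout=timeout) as sock:
        sock.sendall(query.encode("ascii") + b"\r\n")
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", "replace")


def parse_fields(text):
    """'Key: value' lines -> {lowercased key: [values]}; '#'/'%' comment lines are skipped."""
    fields = {}
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped[0] in "#%" or ":" not in stripped:
            continue
        key, _, value = stripped.partition(":")
        fields.setdefault(key.strip().lower(), []).append(value.strip())
    return fields


def next_server(fields):
    """Return (host, port) of the server a response refers us to, or None."""
    for key in REFERRAL_KEYS:
        for value in fields.get(key, []):
            if value.lower().startswith("rwhois://"):
                continue  # RWhois is a different protocol on another port; not followed here
            m = SERVER_RE.match(value)
            if m:
                return m.group("host").lower(), int(m.group("port") or 43)
    return None


def follow(query, start, fetch=whois_query, max_hops=4):
    """Ask `start`, then each server it refers to; return the server trail and the last fields."""
    trail, fields, server, port = [], {}, start, 43
    for _ in range(max_hops):
        fields = parse_fields(fetch(query, server, port))
        trail.append(server)
        nxt = next_server(fields)
        if nxt is None or nxt[0] == server:   # no referral, or a record pointing at itself
            break
        server, port = nxt
    return trail, fields


# Constructed, abbreviated responses keyed by server; stand-ins for live output.
CONSTRUCTED = {
    "whois.iana.org": "% IANA WHOIS server\ndomain:       COM\nrefer:        whois.verisign-grs.com\n",
    "whois.verisign-grs.com": (
        "   Domain Name: EXAMPLE.COM\n"
        "   Registrar WHOIS Server: whois.registrar.example\n"
        "   Name Server: NS1.EXAMPLE.COM\n"
        "   Name Server: NS2.EXAMPLE.COM\n"
    ),
    "whois.registrar.example": (
        "Domain Name: example.com\n"
        "Registrar WHOIS Server: whois.registrar.example\n"
        "Registrant Name: Jane Doe\n"
        "Admin Email: hostmaster@example.com\n"
    ),
    "whois.arin.net": (
        "#\n# ARIN WHOIS data (constructed)\n#\n"
        "NetRange:       192.0.2.0 - 192.0.2.255\n"
        "NetName:        EXAMPLE-NET\n"
        "ReferralServer: whois://whois.ripe.net\n"
    ),
    "whois.ripe.net": (
        "% RIPE Database (constructed)\n"
        "inetnum:        192.0.2.0 - 192.0.2.255\n"
        "netname:        EXAMPLE-NET\n"
        "abuse-mailbox:  abuse@example.com\n"
    ),
}


def offline_fetch(query, server, port=43):
    """Stand-in for whois_query that serves the constructed responses above."""
    return CONSTRUCTED[server]


if __name__ == "__main__":
    for query, start in (("example.com", "whois.iana.org"), ("192.0.2.10", "whois.arin.net")):
        trail, fields = follow(query, start, fetch=offline_fetch)
        print(query, "->", " -> ".join(trail))
```

The stock Unix `whois` client follows these referrals for you; the point of spelling it out is to see which header line carries the hand-off at each level, which is also where the countermeasures on the slide (pseudonymous contacts, proxy registration, an outside phone number) show up in the final record. Replace `offline_fetch` with the default `whois_query` to run it against the live servers, within your authorized scope.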

