Module II Footprinting


Ethical Hacking: Module II Footprinting

Scenario
Adam is furious. He had applied for the network engineer job at targetcompany.com. He believes that he was rejected unfairly. He has a good track record, but the economic slowdown has seen many layoffs, including his. He is frustrated – he needs a job and feels he has been wronged. Late in the evening he decides that he will prove his mettle.
- What do you think Adam would do?
- Where would he start and how would he go about it?
- Are there any tools that can help him in his effort?
- Can he cause harm to targetcompany.com?
- As a security professional, where can you lay checkpoints and how can you deploy countermeasures?

Module Objectives
- Overview of the Reconnaissance Phase
- Introducing Footprinting
- Understanding the information gathering methodology of hackers
- Comprehending the Implications
- Learning some of the tools used for reconnaissance phase
- Deploying countermeasures

Revisiting Reconnaissance
Reconnaissance refers to the preparatory phase where an attacker seeks to gather as much information as possible about a target of evaluation prior to launching an attack. It involves network scanning, either external or internal, without authorization.

Defining Footprinting
Footprinting is the blueprinting of the security profile of an organization, undertaken in a methodological manner. Footprinting is one of the three pre-attack phases. The others are scanning and enumeration. Footprinting results in a unique organization profile with respect to networks (Internet / Intranet / Extranet / Wireless) and systems involved.

Information Gathering Methodology
- Unearth initial information
- Locate the network range
- Ascertain active machines
- Discover open ports / access points
- Detect operating systems
- Uncover services on ports
- Map the Network
(Slide label: Footprinting)

Unearthing Initial Information
Commonly includes:
- Domain name lookup
- Locations
- Contacts (Telephone / mail)
Information Sources:
- Open source
- Whois
- Nslookup
Hacking Tool: Sam Spade

Whois
Registrant:
   targetcompany (targetcompany-DOM)
   # Street Address
   City, Province
   State, Pin, Country
Domain Name: targetcompany.COM
Domain servers in listed order:
   NS1.WEBHOST.COM XXX.XXX.XXX.XXX
   NS2.WEBHOST.COM XXX.XXX.XXX.XXX
Administrative Contact:
   Surname, Name (SNIDNo-ORG) targetcompany@domain.com
   targetcompany (targetcompany-DOM)
   # Street Address
   City, Province, State, Pin, Country
   Telephone: XXXXX Fax XXXXX
Technical Contact:

Nslookup
Nslookup is a program to query Internet domain name servers. It displays information that can be used to diagnose Domain Name System (DNS) infrastructure. It helps find additional IP addresses if the authoritative DNS is known from whois. The MX record reveals the IP of the mail server. Both Unix and Windows come with an Nslookup client. Third-party clients are also available, e.g. Sam Spade.

Scenario (contd.)
Adam knows that targetcompany is based in NJ. However, he decides to check. He runs a whois from an online whois client and notes the domain information. He takes down the email ids and phone numbers. He also discerns the domain server IPs and does an interactive Nslookup.
- Ideally, what extent of information should be revealed to Adam during this quest?
- Are there any other means of gaining information?
- Can he use the information at hand in order to obtain critical information?
- What are the implications for the target company?
- Can he cause harm to targetcompany at this stage?
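For the question of how much a whois record should reveal, a registrant can audit its own record. The sketch below is an added example, not part of the original slides: it parses a constructed record in the slide's layout and lists named individuals, personal mailboxes and phone numbers, assuming a policy (the `ROLE_MAILBOXES` set is hypothetical) that public contacts are role accounts.

```python
import re

# Constructed record in the layout of the slide's whois output (not real data).
RECORD = """\
Registrant:
   targetcompany (targetcompany-DOM)
Domain servers in listed order:
   NS1.WEBHOST.COM 192.0.2.1
   NS2.WEBHOST.COM 192.0.2.2
Administrative Contact:
   Doe, Jane (JD000-ORG) jane.doe@targetcompany.com
   Telephone: 555-0100 Fax 555-0101
Technical Contact:
   Hostmaster (HM000-ORG) hostmaster@targetcompany.com
"""

# Assumed policy: public contacts should be role mailboxes, not people.
ROLE_MAILBOXES = {"hostmaster", "postmaster", "abuse", "noc", "dnsadmin"}
EMAIL = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
PERSON = re.compile(r"^[A-Z][a-z]+, [A-Z][a-z]+\b")   # "Surname, Name"
PHONE = re.compile(r"(?:Telephone|Fax):?\s*([\d-]+)")


def parse_sections(record):
    """Split the record into {section header: [indented lines]}."""
    sections, current = {}, None
    for line in record.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = line.rstrip()[:-1]
            sections[current] = []
        elif current and line.strip():
            sections[current].append(line.strip())
    return sections


def audit_exposure(record):
    """Return sorted (section, kind, value) findings worth replacing with role data."""
    findings = []
    for section, lines in parse_sections(record).items():
        for line in lines:
            if (m := PERSON.match(line)):
                findings.append((section, "named individual", m.group()))
            for mail in EMAIL.findall(line):
                if mail.split("@")[0].lower() not in ROLE_MAILBOXES:
                    findings.append((section, "personal mailbox", mail))
            for number in PHONE.findall(line):
                findings.append((section, "phone number", number))
    return sorted(findings)
```

Each finding is a candidate for replacement with a role account or a switchboard number before the record is published.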

Locate the Network Range
Commonly includes:
- Finding the range of IP addresses
- Discerning the subnet mask
Information Sources:
- ARIN (American Registry for Internet Numbers)
- Traceroute
Hacking Tool:
- NeoTrace
- VisualRoute

ARIN
ARIN allows searching the whois database to locate information on a network's autonomous system numbers (ASNs), network-related handles and other related points of contact (POC). ARIN whois allows querying an IP address to help find information on the strategy used for subnet addressing.

Screenshot: ARIN Whois Output

Traceroute
Traceroute works by exploiting a feature of the Internet Protocol called TTL, or Time To Live. Traceroute reveals the path IP packets travel between two systems by sending out consecutive UDP packets with ever-increasing TTLs. As each router processes an IP packet, it decrements the TTL. When the TTL reaches zero, the router sends back a "TTL exceeded" message (using ICMP) to the originator. Routers with DNS entries reveal the name of routers, network affiliation and geographic location.
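Seen from a sensor on the path, the probes described above are a run of UDP packets from one source to one destination whose remaining TTL climbs hop by hop, which ordinary traffic does not do. The following added example (not from the original slides; the packet tuples, thresholds and function names are constructed for illustration) flags such runs.

```python
from collections import defaultdict

# Constructed sample of inbound packets seen at a border sensor:
# (seconds, source, destination, protocol, remaining TTL, destination port).
# Addresses come from the RFC 5737 documentation ranges.
PACKETS = [
    (0.00, "198.51.100.7", "192.0.2.10", "udp", 1, 33434),
    (0.01, "198.51.100.7", "192.0.2.10", "udp", 1, 33435),
    (0.02, "198.51.100.7", "192.0.2.10", "udp", 1, 33436),
    (0.30, "198.51.100.7", "192.0.2.10", "udp", 2, 33437),
    (0.31, "198.51.100.7", "192.0.2.10", "udp", 2, 33438),
    (0.60, "198.51.100.7", "192.0.2.10", "udp", 3, 33440),
    (0.90, "198.51.100.7", "192.0.2.10", "udp", 4, 33443),
    (1.00, "203.0.113.5", "192.0.2.53", "udp", 51, 53),   # ordinary DNS query
    (1.20, "203.0.113.5", "192.0.2.53", "udp", 51, 53),
    (1.50, "203.0.113.9", "192.0.2.10", "tcp", 1, 443),   # lone low-TTL packet
]


def longest_rising_run(ttls):
    """Length of the longest stretch where each new TTL is exactly previous + 1
    (repeats of the same TTL, i.e. several probes per hop, do not break it)."""
    best = run = 1
    for prev, cur in zip(ttls, ttls[1:]):
        if cur == prev + 1:
            run += 1
        elif cur != prev:
            run = 1
        best = max(best, run)
    return best


def find_traceroute_sweeps(packets, min_hops=3, max_start_ttl=5):
    """Return {(src, dst): [ttl, ...]} for UDP flows whose TTLs climb hop by hop."""
    flows = defaultdict(list)
    for ts, src, dst, proto, ttl, _dport in sorted(packets):
        if proto == "udp":
            flows[(src, dst)].append(ttl)
    return {
        flow: ttls
        for flow, ttls in flows.items()
        if min(ttls) <= max_start_ttl and longest_rising_run(ttls) >= min_hops
    }
```

Windows tracert sends ICMP echo requests rather than UDP, so a sensor meant to cover both would apply the same TTL test to ICMP as well.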

Tool: NeoTrace (Now McAfee Visual Trace)
NeoTrace shows the traceroute output visually: map view, node view and IP view.

Tool: VisualRoute Trace

Tool: SmartWhois
SmartWhois is a useful network information utility that allows you to find out all available information about an IP address, host name, or domain, including country, state or province, city, name of the network provider, administrator and technical support contact information. Unlike standard Whois utilities, SmartWhois can find the information about a computer located in any part of the world, intelligently querying the right database and delivering all the related records within a few seconds.

Scenario (contd.)
Adam makes a few searches and gets some internal contact information. He calls the receptionist and informs her that HR had asked him to get in touch with a specific person in the IT division. It’s lunch hour, and he says he’d rather mail the person concerned than disturb him. He checks up the mail id on newsgroups and stumbles on an IP recording. He traces the IP destination.
- What preventive measures can you suggest to check the availability of sensitive information?
- What are the implications for the target company?
- Can he cause harm to targetcompany at this stage?
- What do you think he can do with the information he has obtained?

Tool: VisualLookout
VisualLookout provides high-level views as well as detailed and historical views that provide traffic information in real time or on a historical basis. In addition, the user can request a "connections" window for any server, which provides a real-time view of all the active network connections showing who is connected, what service is being used, whether the connection is inbound or outbound, how many connections are active and how long they have been connected.

Tool: VisualRoute Mail Tracker

Screenshot: VisualRoute Mail Tracker

Tool: eMailTrackerPro
eMailTrackerPro is an e-mail analysis tool that analyzes an e-mail and its headers automatically and provides graphical results.

Tool: Mail Tracking (mailtracking.com)
Mail Tracking is a tracking service that allows the user to track when his mail was read, for how long and how many times. It also records forwards and passing of sensitive information (MS Office format).

Summary
- The information gathering phase can be categorized broadly into seven phases.
- Footprinting renders a unique security profile of a target system.
- Whois and ARIN can reveal public information of a domain that can be leveraged further.
- Traceroute and mail tracking can be used to target a specific IP and later for IP spoofing.
- Nslookup can reveal specific users, and zone transfers can compromise DNS security.