To find the network range, an attacker can get more detailed information from the appropriate regional registry database. They can also trace the route between their system and the target system.
There are many traceroute tools; two popular ones are NeoTrace and Visual Route. Some other tools are based on POC input of the various ISP/NSP routers, so the information shown by these tools may not be entirely correct. It is always good practice to check more than one registry.
If the DNS servers are not set up correctly, the attacker may be able to obtain the list of internal machines. And if the attacker traceroutes to a machine, they can also get the internal IP of the gateway, which can be of use.
ARIN allows searches of the whois database to locate information on network autonomous system numbers (ASNs), network-related handles and other related points of contact. ARIN also has a set of additional tools and links to other sites such as RWhois.net.
Up to this moment the information gathering activities are completely passive (with the exception of traceroute, which can be detected) and undetectable by the target organization. Doing footprinting helps an administrator know what information lies outside the organization and the potential threat it can pose to the organization.
Traceroute
Traceroute works by exploiting a feature of the Internet Protocol called Time To Live (TTL). TTL is interpreted as the maximum number of routers a packet may transit. Each router that handles a packet decrements the TTL count in the IP header by 1. When the count reaches zero, the packet is discarded and an error message is transmitted to the originator.
Traceroute sends out a packet destined for the target with the TTL set to 1. The first router receives the packet and decrements the TTL by 1; if the result is 0, it discards the packet and sends a message back to the originator to inform it that the packet was discarded. Traceroute records the IP address and DNS name, if any, of the router, then sends out a packet with TTL = 2. This packet makes it through the first router and is then discarded by the second router, which sends a message back to the originator. Traceroute repeatedly does this, recording the IP address of each router as the packets are routed through the network, until the destination is reached or the host is found to be unreachable. Traceroute also records the time it took for each packet to travel round trip to each router.
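Because each probe is sent with a TTL one higher than the last, a sensor in front of the target sees packets from one source arrive with TTL 1, 2, 3 and so on, while ordinary traffic arrives with TTLs close to the usual starting values of 64, 128 or 255. The Python below is an added example, not part of the original post, that flags that pattern; the record format, thresholds and sample packets are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample records as a border sensor might log them:
# (timestamp_seconds, source_ip, destination_ip, ttl_seen_at_sensor).
# Addresses are from the RFC 5737 documentation ranges.
SAMPLE_PACKETS = [
    (0.00, "198.51.100.7", "192.0.2.10", 1),
    (0.05, "198.51.100.7", "192.0.2.10", 1),
    (0.10, "198.51.100.7", "192.0.2.10", 2),
    (0.12, "203.0.113.20", "192.0.2.10", 52),   # ordinary client traffic
    (0.15, "198.51.100.7", "192.0.2.10", 3),
    (0.20, "198.51.100.7", "192.0.2.10", 4),
    (0.31, "203.0.113.20", "192.0.2.10", 52),
    (0.40, "203.0.113.99", "192.0.2.10", 1),    # single stray low-TTL packet
    (9.00, "203.0.113.20", "192.0.2.10", 52),
]

LOW_TTL = 10      # assumed cut-off, well below normal remaining TTLs
MIN_RUN = 3       # assumed: consecutive TTL steps needed before alerting
WINDOW = 5.0      # assumed: seconds within which the steps must arrive


def longest_ascending_run(events):
    """Length of the longest run ttl, ttl+1, ttl+2... inside WINDOW seconds.
    Repeated probes at the same TTL (traceroute sends several per hop) do not
    break the run; any other jump restarts it.
    """
    best = run = 0
    start = prev = None
    for ts, ttl in sorted(events):
        if prev is not None and ttl == prev:
            continue
        if prev is not None and ttl == prev + 1 and ts - start <= WINDOW:
            run += 1
        else:
            run, start = 1, ts
        prev = ttl
        best = max(best, run)
    return best


def detect_traceroute(packets):
    """Return {(src, dst): run_length} for pairs that look like a trace."""
    low = defaultdict(list)
    for ts, src, dst, ttl in packets:
        if ttl <= LOW_TTL:
            low[(src, dst)].append((ts, ttl))
    runs = {pair: longest_ascending_run(ev) for pair, ev in low.items()}
    return {pair: n for pair, n in runs.items() if n >= MIN_RUN}
```

On the sample data only 198.51.100.7 is reported; the single low-TTL packet from 203.0.113.99 and the normal traffic from 203.0.113.20 are ignored.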