CEH.V6.-.Module.38.VoIP.Hacking



EC-Council
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

WHOIS and DNS Analysis
• DNS is the distributed database system used to map IP addresses to IP hostnames
• Every organization with an online presence relies on DNS in order to route website visitors and external email to the correct places
• WHOIS search reveals the IP address ranges that an organization owns
• Based on this information, hackers can determine which servers are running DNS and SMTP services

Steps to Perform Footprinting
• Find companies’ external and internal URLs
• Perform whois lookup for personal details
• Extract DNS information
• Mirror the entire website and look up names
• Extract archives of the website
• Google search for company’s news and press releases
• Use people search for personal information of employees
• Analyze company’s infrastructure details from job postings

Scanning

Host/Device Discovery
• First step of scanning is to collect an active target list and figure out what devices are accessible on the network
• Ping a large number of IP addresses and check for any responses
• Methods to ping IP addresses:
  • ICMP ping sweeps
  • ARP pings
  • TCP ping scans
  • SNMP sweeps

ICMP Ping Sweeps
• Easy way to identify active hosts by sending ICMP ECHO REQUEST packets
• Hosts send ICMP ECHO REPLY packets if ICMP is unblocked by firewalls
• Tools for ICMP Ping Sweeps:
  • fping
  • Nmap
  • SuperScan
  • Nessus
  • Ping and port sweep utility

ARP Pings
• ARP ping requests the MAC address through a large range of IP addresses
• It identifies live hosts on the network
• Tools:
  • Arping
  • MAC address discovery tool

TCP Ping Scans
• Sends TCP SYN or ACK flagged packets to a TCP port on the target host
• An RST packet that comes as a response indicates that a host is alive
• Tools:
  • Nmap
  • hping2

SNMP Sweeps
• Scan to return sensitive information because the default “public” community string is always used
• Tools:
  • SNS Scan
  • snmpwalk
  • Nomad
  • Cheops
  • snmpenum
  • snmp-audit

Port Scanning and Service Discovery
• Technique of connecting to TCP and UDP ports on the target to search for active services
• Determines the vulnerabilities present on the target host or devices
• Methods to scan active services:
  • TCP scan
  • UDP scan

TCP SYN Scan
• Sends a TCP SYN packet to a specific port to establish a TCP connection
• A returned SYN/ACK-flagged TCP packet indicates the port is open
• An RST packet indicates a closed port

UDP Scan
• Sends an empty UDP header to each UDP port on the target
• If it responds, it indicates an active service is listening
• The port is unused if you get an ICMP port unreachable error

Host/Device Identification
• Determines the type of devices and hosts by OS and firmware types
• Method to identify the host/device:
  • Stack Fingerprinting: a technique for further identifying the innards of a target host or device
• Tools used to identify hosts or devices:
  • Nmap
  • Xprobe2
  • Ar...
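Seen from the monitoring side, the ICMP ping sweep, TCP ping scan, TCP SYN scan and UDP scan described in the Scanning slides each leave a recognisable pattern in connection logs. The following is an added example, not part of the original slides: it assumes a hypothetical five-field log format ("src dst proto dport flags"), constructed sample records, and illustrative thresholds, and it ignores time windows for brevity.

```python
from collections import defaultdict

# Constructed sample records (hypothetical format): "src dst proto dport flags"
SAMPLE = (
    [f"10.0.0.5 10.0.1.{i} icmp - echo-request" for i in range(1, 9)]   # 8 hosts pinged
    + [f"10.0.0.7 10.0.1.20 tcp {p} S" for p in (21, 22, 23, 25, 80, 443, 5060)]
    + [f"10.0.0.7 10.0.1.20 udp {p} -" for p in (69, 161, 5060)]
    + ["10.0.0.9 10.0.1.20 tcp 5060 S",                # ordinary client traffic
       "10.0.0.9 10.0.1.1 icmp - echo-request"]
)


def detect_scans(records, min_hosts=5, min_ports=5):
    """Return {source: [findings]} for sources whose fan-out looks like scanning."""
    hosts = defaultdict(set)  # (src, kind) -> distinct destination hosts probed
    ports = defaultdict(set)  # (src, dst, kind) -> distinct destination ports probed
    for line in records:
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed records instead of failing
        src, dst, proto, dport, flags = parts
        if proto == "icmp" and flags == "echo-request":
            hosts[(src, "icmp-ping-sweep")].add(dst)
        elif proto == "tcp" and flags == "S":  # bare SYN, handshake not completed
            hosts[(src, "tcp-ping-scan")].add(dst)
            ports[(src, dst, "tcp-syn-scan")].add(dport)
        elif proto == "udp":
            ports[(src, dst, "udp-scan")].add(dport)

    findings = defaultdict(set)
    for (src, kind), dsts in hosts.items():
        if len(dsts) >= min_hosts:      # one source probing many hosts
            findings[src].add(kind)
    for (src, dst, kind), seen in ports.items():
        if len(seen) >= min_ports:      # one source probing many ports on one host
            findings[src].add(f"{kind}:{dst}")
    return {src: sorted(kinds) for src, kinds in findings.items()}


if __name__ == "__main__":
    for src, kinds in detect_scans(SAMPLE).items():
        print(src, kinds)
```

In production the same counting would be applied per time window, with thresholds tuned to the network's normal fan-out.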

This note was uploaded on 02/12/2013 for the course CEH v6 taught by Professor John during the Summer '13 term at West Point.
