networks to search and will learn the number of machines on a subnet. We have found, however, that zone transfers are usually prohibited.

The final step in Layer 1 is searching for publicly available information about the client organization. Annual reports and trade publications can yield important information, such as alliances with other companies (useful in determining potential attack channels from ) or important product areas. A search of Usenet postings can result in more useful information, such as machine names, user names, addresses, and interests. For example, we once discovered an entire organization within the target company by mapping the NNTP-POSTING-HOST headers from Usenet posts. This discovery, in turn, led to the discovery of an unsecured ftp server, a perfect foothold within the network during subsequent testing activity. While some of the information obtained in this manner may not be directly useful, it may aid in a social engineering attack (should the commissioning organization authorize such an attack).

Layer 2 - Proximate Information Gathering

Layer 2 involves proximate information gathering from sources within the target network itself. The probes in Layer 2 can and should be detected by the target organization; the client organization is likely to notice the penetration team's activity at this level. The first step is to attempt a DNS zone transfer from the target's primary nameserver, although, again, the majority of the organizations for whom we have performed firewall testing prohibit zone transfers. On the other hand, the information that is available from the target network's DNS will include information about any firewall systems, possibly an internal mail host, any systems intended for public access that are located within the DMZ, and perhaps several routers. After using nslookup to obtain information, the testing team next scans networks for hosts.

This task can be time-consuming, depending on the size of the target network, and we typically skip it when the client requires that testing be accomplished within a very short time span. The least time is required when the only reachable part of the network is the DMZ and the gateway systems therein. If the firewall allows scanning of the internal network(s), the testing team will gain information that is extremely useful in launching attacks later, but in this case scanning will typically require a considerable amount of time. Two methods for scanning network address spaces for hosts are available. Both involve attempting to connect to every possible IP address within an address space. The first method uses the ping command. The second method requires that the testing team attempt a connection to TCP port 25. Routers can drop ICMP echo (ping) packets, so sending at least three packets to each address is advisable.
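Because the text notes that Layer 2 probes can and should be detected, here is the defender's side of the two sweep methods just described: detection logic that flags a source probing many distinct addresses by ICMP echo or by TCP port 25 within a short window. This is an added example, not code from the original document; the log line format and all addresses are constructed for the example and do not correspond to any particular firewall product.

```python
import re

# Constructed log format (assumption): "<epoch> <src> -> <dst> ICMP|TCP/<dport>"
LINE_RE = re.compile(r"^(\d+) ([\d.]+) -> ([\d.]+) (ICMP|TCP)(?:/(\d+))?$")

def parse(line):
    """Return (ts, src, dst, kind) or None; kind is 'icmp', 'tcp25' or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, src, dst, proto, dport = m.groups()
    kind = "icmp" if proto == "ICMP" else ("tcp25" if dport == "25" else None)
    return int(ts), src, dst, kind

def detect_sweeps(lines, window=60, min_hosts=8):
    """Map (src, kind) -> peak number of distinct destinations probed within
    `window` seconds, for sources reaching at least `min_hosts`. Counting
    distinct destinations means the repeated echo requests per address that
    the text recommends still count as one host, while a mail client talking
    to a single server many times never trips the detector."""
    events = {}
    for line in lines:
        ev = parse(line)
        if ev and ev[3]:
            ts, src, dst, kind = ev
            events.setdefault((src, kind), []).append((ts, dst))
    hits = {}
    for key, evs in events.items():
        evs.sort()
        lo = 0
        for hi in range(len(evs)):
            while evs[hi][0] - evs[lo][0] > window:   # slide window start
                lo += 1
            distinct = len({dst for _, dst in evs[lo:hi + 1]})
            if distinct >= min_hosts:
                hits[key] = max(hits.get(key, 0), distinct)
    return hits

def constructed_sample():
    """Constructed sample log, not real traffic: an ICMP sweep of 10.0.0.1-10
    (three echoes per address), a TCP/25 sweep of 10.0.0.1-12, a legitimate
    mail client talking to one server, and an unrelated HTTPS connection."""
    icmp = [f"{1000 + i} 203.0.113.5 -> 10.0.0.{1 + i // 3} ICMP" for i in range(30)]
    smtp = [f"{1030 + 2 * i} 198.51.100.9 -> 10.0.0.{1 + i} TCP/25" for i in range(12)]
    mail = [f"{1060 + i} 10.0.0.50 -> 10.0.0.25 TCP/25" for i in range(20)]
    return icmp + smtp + mail + ["1080 192.0.2.7 -> 10.0.0.80 TCP/443"]
```

Running `detect_sweeps(constructed_sample())` reports the two sweeping sources with 10 and 12 distinct hosts respectively and stays silent on the mail client, which contacts only one server.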