CEH: Official Certified Ethical Hacker Review Guide: Exam 312-50 - Kimberly Graves [17]
FIGURE 2.4 ARIN output for http://www.yahoo.com
Analyzing Whois Output
A simple way to run Whois is to connect to a website (for instance, www.networksolutions.com) and conduct the Whois search. The following is the output of a Whois search of the site www.eccouncil.org:
Be aware that other geographical regions outside North America have their own Internet registries, such as RIPE NCC (Europe, the Middle East, and parts of Central Asia), LACNIC (Latin American and Caribbean Internet Addresses Registry), and APNIC (Asia Pacific Network Information Centre).
The contact names and server names in this book have been changed.
Notice the four boldface lines. The first shows the target company or person (as well as their physical address, e-mail address, phone number, and so on). The next shows the administration or technical contact (and their contact information). The last two boldface lines show the names of domain name servers.
Finding the Address Range of the Network
Every ethical hacker needs to understand how to find the network range and subnet mask of the target system. IP addresses are used to locate, scan, and connect to target systems. You can find IP addresses in Internet registries such as ARIN or the Internet Assigned Numbers Authority (IANA).
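The registry record for a network block states its address range in two forms, a NetRange ("first - last") and a CIDR line. The example below, added here and not part of the book, shows how to pull those fields out of an ARIN-style record and derive the subnet mask and address count from the range alone, which matters when a range does not fall on a single CIDR boundary. The record text is constructed (RFC 5737 documentation addresses and an invented organisation), not real registry output.

```python
import ipaddress
import re

# Constructed ARIN-style whois record; addresses are RFC 5737 documentation space.
SAMPLE_ARIN_RECORD = """\
NetRange:       203.0.113.0 - 203.0.113.255
CIDR:           203.0.113.0/24
NetName:        EXAMPLE-NET
NetHandle:      NET-203-0-113-0-1
Parent:         NET203 (NET-203-0-0-0-0)
OrgName:        Example Organization
OrgId:          EXAMPL
"""

# Registry records are 'Key: value' lines; keys are alphabetic.
FIELD_RE = re.compile(r"^(?P<key>[A-Za-z]+):\s*(?P<value>.+?)\s*$")


def parse_whois_fields(text):
    """Return a dict of key -> value for every 'Key: value' line in the record."""
    fields = {}
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if m:
            fields[m.group("key")] = m.group("value")
    return fields


def address_range_to_networks(net_range):
    """Convert a 'first - last' NetRange into the minimal list of CIDR networks.

    A range that is not aligned to one prefix length is returned as several
    networks, e.g. 203.0.113.0 - 203.0.113.191 becomes a /25 plus a /26.
    """
    first, last = (part.strip() for part in net_range.split("-"))
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))


def describe_range(record_text):
    """Summarise who holds the block and how it is laid out on the network."""
    fields = parse_whois_fields(record_text)
    networks = address_range_to_networks(fields["NetRange"])
    return {
        "org": fields.get("OrgName"),
        "net_name": fields.get("NetName"),
        "networks": [str(n) for n in networks],
        "netmasks": [str(n.netmask) for n in networks],
        "address_count": sum(n.num_addresses for n in networks),
    }


if __name__ == "__main__":
    for key, value in describe_range(SAMPLE_ARIN_RECORD).items():
        print(f"{key}: {value}")
```

Deriving the mask from the NetRange rather than trusting the CIDR line is deliberate: the two can disagree when a registry record covers a non-aligned range, and `summarize_address_range` gives the exact set of prefixes that make up the block.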
An ethical hacker may also need to find the geographic location of the target system or network. This task can be accomplished by tracing the route a message takes as it's sent to the destination IP address. You can use tools like traceroute, VisualRoute, and NeoTrace to identify the route to the target.
Additionally, as you trace your target network, other useful information becomes available. For example, you can obtain internal IP addresses of host machines; even the Internet IP gateway of the organization may be listed. These addresses can then be used later in an attack or further scanning processes.
Identify Different Types of DNS Records
The following list describes the common DNS record types and their use:
■ A (address)-Maps a host name to an IP address
■ SOA (Start of Authority)-Identifies the DNS server responsible for the domain information
■ CNAME (canonical name)-Provides additional names or aliases for the address record
■ MX (mail exchange)-Identifies the mail server for the domain
■ SRV (service)-Identifies services such as directory services
■ PTR (pointer)-Maps IP addresses to host names
■ NS (name server)-Identifies other name servers for the domain
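To make the record types above concrete at the wire level, here is an added example (not from the book) that parses the answer section of a DNS response message and interprets the RDATA of each of the seven types listed, including name compression pointers. The response bytes are constructed in the block itself for the invented zone example.com; they were not captured from any real server.

```python
import struct

# Record types the list above names, keyed by their DNS TYPE code (RFC 1035, RFC 2782).
TYPE_NAMES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 12: "PTR", 15: "MX", 33: "SRV"}


def read_name(msg, offset):
    """Decode a domain name at offset, following compression pointers.
    Returns (name, offset just past the name in the original byte stream)."""
    labels, jumped, end = [], False, offset
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:                  # two-byte compression pointer
            if not jumped:
                end = offset + 2
            jumped = True
            offset = struct.unpack_from("!H", msg, offset)[0] & 0x3FFF
            continue
        offset += 1
        if length == 0:                            # root label ends the name
            if not jumped:
                end = offset
            return ".".join(labels), end
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length


def parse_rdata(msg, rtype, start, rdlength):
    """Interpret RDATA according to the record type."""
    if rtype == 1:                                 # A: IPv4 address
        return ".".join(str(b) for b in msg[start:start + 4])
    if rtype in (2, 5, 12):                        # NS, CNAME, PTR: a single name
        return read_name(msg, start)[0]
    if rtype == 15:                                # MX: preference + exchange name
        return {"preference": struct.unpack_from("!H", msg, start)[0],
                "exchange": read_name(msg, start + 2)[0]}
    if rtype == 33:                                # SRV: priority, weight, port, target
        prio, weight, port = struct.unpack_from("!HHH", msg, start)
        return {"priority": prio, "weight": weight, "port": port,
                "target": read_name(msg, start + 6)[0]}
    if rtype == 6:                                 # SOA: two names + five 32-bit values
        mname, off = read_name(msg, start)
        rname, off = read_name(msg, off)
        serial, refresh, retry, expire, minimum = struct.unpack_from("!IIIII", msg, off)
        return {"mname": mname, "rname": rname, "serial": serial, "refresh": refresh,
                "retry": retry, "expire": expire, "minimum": minimum}
    return msg[start:start + rdlength].hex()       # unknown type: raw hex


def parse_response(msg):
    """Return (owner, type name, ttl, rdata) for each answer record in a DNS response."""
    qdcount, ancount = struct.unpack_from("!HH", msg, 4)
    offset = 12                                    # fixed 12-byte header
    for _ in range(qdcount):                       # skip the question section
        _, offset = read_name(msg, offset)
        offset += 4                                # QTYPE + QCLASS
    records = []
    for _ in range(ancount):
        owner, offset = read_name(msg, offset)
        rtype, _rclass, ttl, rdlength = struct.unpack_from("!HHIH", msg, offset)
        offset += 10
        records.append((owner, TYPE_NAMES.get(rtype, str(rtype)), ttl,
                        parse_rdata(msg, rtype, offset, rdlength)))
        offset += rdlength
    return records


# --- Constructed sample response for the invented zone example.com ------------
def _name(dotted):
    """Uncompressed wire encoding of a dotted name."""
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in dotted.split(".")) + b"\x00"

def _rr(owner, rtype, rdata, ttl=3600):
    return owner + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata

ZONE_REF = b"\xc0\x0c"   # compression pointer to the question name at offset 12
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 7, 0, 0)   # id, flags, QD=1, AN=7
    + _name("example.com") + struct.pack("!HH", 255, 1)   # question: example.com ANY IN
    + _rr(ZONE_REF, 1, bytes([203, 0, 113, 10]))
    + _rr(ZONE_REF, 15, struct.pack("!H", 10) + b"\x04mail" + ZONE_REF)
    + _rr(ZONE_REF, 2, b"\x03ns1" + ZONE_REF)
    + _rr(_name("www.example.com"), 5, ZONE_REF)
    + _rr(ZONE_REF, 6, _name("ns1.example.com") + _name("hostmaster.example.com")
          + struct.pack("!IIIII", 2024010101, 7200, 900, 1209600, 300))
    + _rr(_name("_ldap._tcp.example.com"), 33,
          struct.pack("!HHH", 0, 100, 389) + b"\x02dc" + ZONE_REF)
    + _rr(_name("10.113.0.203.in-addr.arpa"), 12, ZONE_REF)
)

if __name__ == "__main__":
    for owner, rtype, ttl, rdata in parse_response(SAMPLE_RESPONSE):
        print(f"{owner:<28} {rtype:<6} {ttl:<6} {rdata}")
```

The SRV record shows why the list above says "services such as directory services": an `_ldap._tcp` SRV answer hands out the host and port of the directory server, and the SOA answer names the primary server and the zone's serial, which is what a zone-change monitor would watch.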
Understand How Traceroute Is Used in Footprinting
Traceroute is a packet-tracking tool that is available for most operating systems. It operates by sending an Internet Control Message Protocol (ICMP) echo to each hop (router or gateway) along the path, until the destination address is reached. When ICMP messages are sent back from the router, the time to live (TTL) is decremented by one for each router along the path. This allows a hacker to determine how many hops a router is from the sender.
One problem with using the traceroute tool is that it times out (indicated by an asterisk) when it encounters a firewall or a packet-filtering router. Although a firewall stops the traceroute tool from discovering internal hosts on the network, it can alert an ethical hacker to the presence of a firewall; then, techniques for bypassing the firewall can be used.
Sam Spade and many other hacking tools include a version of traceroute. The Windows operating systems use the syntax tracert hostname to perform a traceroute. Figure 2.5 is an example of traceroute output for a trace of www.yahoo.com.
Notice in Figure 2.5 that the message first encounters the outbound ISP to reach the Yahoo web server, and that the server's IP address is revealed as 68.142.226.42. Knowing this IP address enables the ethical hacker to perform additional scanning on that host during the scanning phase of the attack.
FIGURE 2.5 Traceroute output for www.yahoo.com
Tracert identifies routers located en route to the destination's