Section 9.6. Hardware and Software


9.6. Hardware and Software

In Chapters 5 and 6, I explained how information about operating systems and software components is revealed in the HTTP headers that are exchanged between the browser and server during a standard web transaction. The version numbers for each component can offer insight into how recently a computer has been updated. They also have the potential to advertise security vulnerabilities to would-be attackers.

While those data will not tell you anything about hardware , you may learn something by looking at the hostnames of machines. Reverse DNS lookups on home computers will often reveal the type of Internet connection they use. In these four examples, the first two are clearly connected via cable modems, whereas the third uses DSL. You can assume the fourth uses DSL as well, since this ISP offers only this type of connection.

     CableLink44-##.INTERCABLE.net     modemcable077.56-###-###.mc.videotron.ca     DSL217-132-###-###.bb.netvision.net.il     h-64-105-###-###.sttnwaho.covad.net 

In some cases, a hostname can tell you something about the network of which it is a part. Network administrators often name machines according to a defined scheme. This helps them track their inventory and can help in troubleshooting. For example, one of my collaborators has the machine name HPEDY2K0112. If I knew nothing about this person I might guess it was running Windows 2000 from the Y2K reference, and I might guess that it was machine ID 112 on that network. This person works in a Pediatrics Department at a hospital, which explains the HPED part of the name. Looking at just this one example, I now know the naming convention used throughout this institute and have an estimate of how many machines are in this department. Embedding information in hostnames in this way may be convenient but it can backfire on you.



Internet Forensics
Internet Forensics
ISBN: 059610006X
EAN: 2147483647
Year: 2003
Pages: 121

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net