Chapter 1: Footprinting

OVERVIEW

Before the real fun for the hacker begins, three essential steps must be performed. This chapter will discuss the first one: footprinting, the fine art of gathering target information. For example, when thieves decide to rob a bank, they don't just walk in and start demanding money (not the smart ones, anyway). Instead, they take great pains in gathering information about the bank: the armored car routes and delivery times, the video cameras, the number of tellers and escape exits, and anything else that will help in a successful misadventure.

The same requirement applies to successful attackers. They must harvest a wealth of information to execute a focused and surgical attack (one that won't be readily caught). As a result, attackers will gather as much information as possible about all aspects of an organization's security posture. Hackers end up with a unique footprint, or profile, of their target's Internet, remote access, and intranet/extranet presence. By following a structured methodology, attackers can systematically glean information from a multitude of sources to compile this critical footprint of nearly any organization.

Sun Tzu had this figured out centuries ago when he penned the following in Sun Tzu on the Art of War: "If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle."

You may be surprised to find out just how much information is readily available about your organization's security posture to anyone willing to look for it. It is essential for you to know what the enemy already knows about you!

WHAT IS FOOTPRINTING?

The systematic and methodical footprinting of an organization enables attackers to create a complete profile of an organization's security posture. By using a combination of tools and techniques coupled with a healthy dose of patience, attackers can take an unknown entity (for example, XYZ Organization) and reduce it to a specific range of domain names, network blocks, and individual IP addresses of systems directly connected to the Internet, as well as many other details pertaining to its security posture. Although there are many types of footprinting techniques, they are primarily aimed at discovering information related to the following environments: Internet, intranet, remote access, and extranet. Table 1-1 depicts these environments and the critical information an attacker will try to identify.

Table 1-1: Environments and the Critical Information Attackers Can Identify

Technology       Identifies
---------------  ------------------------------------------------------------------
Internet         Domain name
                 Network blocks
                 Specific IP addresses of systems reachable via the Internet
                 TCP and UDP services running on each system identified
                 System architecture (for example, SPARC vs. x86)
                 Access control mechanisms and related access control lists (ACLs)
                 Intrusion-detection systems (IDSs)
                 System enumeration (user and group names, system banners,
                   routing tables, and SNMP information)
                 DNS hostnames

Intranet         Networking protocols in use (for example, IP, IPX, DECnet, and so on)
                 Internal domain names
                 Network blocks
                 Specific IP addresses of systems reachable via the intranet
                 TCP and UDP services running on each system identified
                 System architecture (for example, SPARC vs. x86)
                 Access control mechanisms and related ACLs
                 Intrusion-detection systems
                 System enumeration (user and group names, system banners,
                   routing tables, and SNMP information)

Remote access    Analog/digital telephone numbers
                 Remote system type
                 Authentication mechanisms
                 VPNs and related protocols (IPSec and PPTP)

Extranet         Connection origination and destination
                 Type of connection
                 Access control mechanism

Why Is Footprinting Necessary?

Footprinting is necessary to systematically and methodically ensure that all pieces of information related to the aforementioned technologies are identified. Without a sound methodology for performing this type of reconnaissance, you are likely to miss key pieces of information related to a specific technology or organization. Footprinting is often the most arduous task of trying to determine the security posture of an entity; however, it is one of the most important. Footprinting must be performed accurately and in a controlled fashion.