Footprinting


What is Footprinting?

Footprinting is the technique of gathering as much information as possible about a targeted network, victim or system. It helps hackers in various ways to intrude on an organization's systems, and it also reveals the security posture of the target. Footprinting can be active or passive. Passive footprinting (also called pseudonymous footprinting) gathers information without the owner knowing that anyone is collecting his or her data. Active footprinting, by contrast, occurs when information is disclosed deliberately and purposefully, or is obtained through direct contact with the owner.

Sub Branches of Footprinting

Besides the two types of footprinting, there are several branches of footprinting that a learner should know before gathering information.

  • Open-Source Footprinting.
  • Network-based Footprinting.
  • DNS Interrogation.

Open-Source Footprinting

This type of footprinting is the safest because it stays within all legal limits; hackers can do it without any fear because it is not illegal at all, hence the term open-source. Examples of this sort include finding someone's email address or telephone number, scanning an IP address with automated tools, and looking up a person's age, date of birth, home address, etc. Most companies publish information about themselves on their official websites without realizing that hackers can benefit from the information they provide.


Network-based Footprinting

Using this category of footprinting, hacktivists can retrieve information such as user names, information about the members of a group, data shared among individuals, network services, etc.


DNS Interrogation

After gathering the knowledge needed from the various areas using various techniques, the hacker usually queries the DNS using pre-existing tools. Numerous freeware tools are available online to perform DNS interrogation.

Tools, Techniques, and Tricks for Information Gathering


Tools

Whois is a well-known Internet record lookup tool used to identify who owns a domain or who registered that particular domain, along with their contact details. The Internet Corporation for Assigned Names and Numbers (ICANN) regulates domain registration and ownership details. Whois records have proven to be extraordinarily beneficial and have developed into an important resource for maintaining the integrity of the name registration and website ownership process.

  • theHarvester is another information-gathering tool; it helps you extract the e-mail addresses and subdomains of a specific target. theHarvester is a simple Python script that searches for information in large search engines such as Google, Yahoo, Bing, and many more.
  • Metagoofil is another footprinting tool, used for extracting information or documents belonging to the company that are publicly available on the web.
  • Netifera is a potent tool that provides an entire platform for collecting information about the target website. It is a free tool that comes built into the BackTrack Linux OS. This software gives information such as the IP address, the programming language used for website development, the number of websites hosted, and DNS details.

Techniques

  • OS Identification: involves sending malformed (non-standard) TCP (Transmission Control Protocol) or ICMP (Internet Control Message Protocol) packets to the victim's system and using the responses to identify the OS (operating system) running on the victim's server or computer.
  • A ping sweep is a technique of pinging a range of IP addresses to map which hosts are live. Fping, Nmap, Zenmap, ICMPEnum and SuperScan are some of the tools used to ping a large number of IP addresses at a time and obtain lists of live hosts for large subnets.
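From the defender's side, a ping sweep leaves a recognisable trace: one source sending ICMP echo requests to many distinct destinations in a short time. The following Python script is an added example for this article (not code from the original page or from any of the tools named above). It parses a constructed, iptables-like log format and flags sources that probe at least `min_hosts` different addresses within `window_s` seconds; the log lines, addresses and field names are all constructed for illustration.

```python
"""Detect ICMP ping sweeps in firewall log lines.

Added example for this article; it is not code from the original page. The
log format is constructed for illustration and loosely resembles iptables
LOG output:  <epoch-seconds> SRC=<ip> DST=<ip> PROTO=<proto> [TYPE=<icmp type>]
A ping sweep appears as one source sending ICMP echo requests (TYPE=8) to many
distinct destinations within a short time window.
"""
import re
from collections import defaultdict

# Constructed sample: 10.0.0.5 sweeps 172.16.1.1-172.16.1.12 within four seconds,
# 10.0.0.9 pings its gateway twice (normal), and one TCP line must be ignored.
SAMPLE_LOG = """\
1700000000 SRC=10.0.0.9 DST=172.16.1.254 PROTO=ICMP TYPE=8
1700000000 SRC=10.0.0.5 DST=172.16.1.1 PROTO=ICMP TYPE=8
1700000000 SRC=10.0.0.5 DST=172.16.1.2 PROTO=ICMP TYPE=8
1700000001 SRC=10.0.0.5 DST=172.16.1.3 PROTO=ICMP TYPE=8
1700000001 SRC=10.0.0.5 DST=172.16.1.4 PROTO=ICMP TYPE=8
1700000001 SRC=10.0.0.5 DST=172.16.1.5 PROTO=ICMP TYPE=8
1700000002 SRC=10.0.0.5 DST=172.16.1.6 PROTO=ICMP TYPE=8
1700000002 SRC=10.0.0.5 DST=172.16.1.7 PROTO=ICMP TYPE=8
1700000002 SRC=10.0.0.5 DST=172.16.1.8 PROTO=ICMP TYPE=8
1700000002 SRC=10.0.0.5 DST=172.16.1.22 PROTO=TCP DPT=80
1700000003 SRC=10.0.0.5 DST=172.16.1.9 PROTO=ICMP TYPE=8
1700000003 SRC=10.0.0.5 DST=172.16.1.10 PROTO=ICMP TYPE=8
1700000003 SRC=10.0.0.5 DST=172.16.1.11 PROTO=ICMP TYPE=8
1700000003 SRC=10.0.0.5 DST=172.16.1.12 PROTO=ICMP TYPE=8
1700000005 SRC=10.0.0.9 DST=172.16.1.254 PROTO=ICMP TYPE=8
"""

LOG_RE = re.compile(
    r"^(?P<ts>\d+) SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+) "
    r"PROTO=(?P<proto>\w+)(?: TYPE=(?P<type>\d+))?"
)


def parse_log(text):
    """Turn raw log lines into event dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        events.append({
            "ts": int(m["ts"]),
            "src": m["src"],
            "dst": m["dst"],
            "proto": m["proto"],
            "type": int(m["type"]) if m["type"] else None,
        })
    return events


def detect_ping_sweeps(events, window_s=10, min_hosts=8):
    """Return {source_ip: distinct_hosts} for sources whose ICMP echo requests
    reached at least `min_hosts` distinct destinations within `window_s` seconds."""
    by_src = defaultdict(list)
    for ev in events:
        if ev["proto"] == "ICMP" and ev["type"] == 8:   # echo requests only
            by_src[ev["src"]].append((ev["ts"], ev["dst"]))

    alerts = {}
    for src, hits in by_src.items():
        hits.sort()
        best = 0
        # Slide a window starting at each hit and count distinct destinations in it.
        for i, (start, _) in enumerate(hits):
            seen = {dst for ts, dst in hits[i:] if ts - start <= window_s}
            best = max(best, len(seen))
        if best >= min_hosts:
            alerts[src] = best
    return alerts


if __name__ == "__main__":
    for src, n in detect_ping_sweeps(parse_log(SAMPLE_LOG)).items():
        print(f"possible ping sweep from {src}: {n} hosts probed")
```

The thresholds are deliberately parameters: a monitoring host that legitimately pings every server should be whitelisted or given a higher `min_hosts`, while a very slow sweep needs a longer `window_s` to be caught.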


Tricks

We can also gather information from other sources such as social networking sites (Facebook, Twitter, LinkedIn, etc.), where ordinary users share their personal data and other information about themselves. Even search engines play a significant role in information gathering.

Hackers can also gather information about takeover targets from various financial services, such as the market price of a company's shares, its company profile, competitor details, etc.

Hackers can also collect information from the e-mail header, which includes:
  • Address from which the message was sent.
  • Sender's email server.
  • Sender's IP address.
  • Date and time received by the originator's email server.
  • Authentication system used by the sender's mail server.
  • Sender's full name.
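Every item in the list above can be read mechanically from the header. The Python script below is an added example for this article, not code from the original page: it parses a constructed message with the standard-library `email` module, walks the `Received:` chain (each relay prepends its own header, so the last one is the hop closest to the sender) and pulls out the sender's address and name, the IP the originating server saw, that server's name, the time it accepted the message, and the `Authentication-Results` header. All hostnames, addresses and timestamps in the sample are constructed placeholders.

```python
"""Extract the footprinting-relevant fields from an e-mail header.

Added example for this article, not code from the original page. The message
below is constructed; the hostnames, addresses and times are placeholders.
"""
import re
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

SAMPLE_MESSAGE = """\
Received: from mx.example.net (mx.example.net [203.0.113.10])
\tby inbound.example.org with ESMTPS id abc123
\tfor <bob@example.org>; Tue, 14 Nov 2023 10:15:30 +0000
Received: from [192.0.2.25] (helo=laptop.example.net)
\tby mx.example.net with ESMTPSA; Tue, 14 Nov 2023 10:15:28 +0000
Authentication-Results: inbound.example.org; spf=pass smtp.mailfrom=example.net;
\tdkim=pass header.d=example.net
From: Alice Example <alice@example.net>
To: bob@example.org
Date: Tue, 14 Nov 2023 10:15:27 +0000
Subject: Quarterly figures
Message-ID: <20231114101527.1234@laptop.example.net>

Body text.
"""

# "from <host> (<comment>) ... by <server>" as written by most MTAs
RECEIVED_RE = re.compile(
    r"from\s+(?P<from>\S+)"            # host name or [ip] the relay saw
    r"(?:\s+\((?P<comment>[^)]*)\))?"  # optional (helo / reverse DNS [ip]) comment
    r".*?\bby\s+(?P<by>\S+)",          # the server that accepted the message
    re.IGNORECASE | re.DOTALL,
)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def parse_received(value):
    """Split one Received: header into from-host, by-server, IP and timestamp."""
    value = " ".join(value.split())            # unfold continuation lines
    m = RECEIVED_RE.search(value)
    ip = IP_RE.search(value)
    _, _, stamp = value.rpartition(";")        # the date follows the last ';'
    return {
        "from": m["from"] if m else None,
        "by": m["by"] if m else None,
        "ip": ip.group(1) if ip else None,
        "time": parsedate_to_datetime(stamp.strip()) if stamp.strip() else None,
    }


def summarize_headers(raw_message):
    """Return the header facts listed in the article for a raw RFC 5322 message."""
    msg = message_from_string(raw_message)
    hops = [parse_received(v) for v in msg.get_all("Received", [])]
    # Relays prepend Received: headers, so the last one is nearest the sender.
    origin = hops[-1] if hops else {}
    name, addr = parseaddr(msg.get("From", ""))
    return {
        "sender_name": name,
        "sender_address": addr,
        "sender_ip": origin.get("ip"),
        "sender_mail_server": origin.get("by"),
        "received_by_origin_server": origin.get("time"),
        "authentication": " ".join(msg.get("Authentication-Results", "").split()),
        "hops": hops,
    }


if __name__ == "__main__":
    for key, val in summarize_headers(SAMPLE_MESSAGE).items():
        print(f"{key}: {val}")
```

Note that the `From:` line and the display name are supplied by the sender and can be forged freely; only the `Received:` entries added by servers you trust, and the `Authentication-Results` written by your own inbound server, are evidence of where a message really came from.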


Objectives of Footprinting

  1. Collect Network Information: such as the domain name, internal domain names, IP addresses of the reachable systems, rogue or private websites within the domain, access control mechanisms, protocols used, existing VPNs, analog and digital telephone numbers, authentication mechanisms, and system enumeration.
  2. Collect System Information: such as user and group names, system banners, routing tables and the routing protocols in use, SNMP information, system architecture, operating system used, remote system type, usernames, and passwords.
  3. Collect Organization Information: such as employee details, the organization's website, company directory, location details, addresses and phone numbers, comments in the HTML source code of the organization's website, security policies implemented, web server links relevant to the organization, news articles, and press releases.


Countermeasures

  • Classify the kinds of data that are required to be public, and keep everything else internal.
  • Don't put unnecessary information into any profile, social networking account, or website.
  • Don't list personal contact numbers in any company or organization's phone directory, mainly to prevent war-dialing.

Countermeasures Against DNS Interrogation

  • Keep internal DNS and external DNS separate (split DNS), so that internal host names are never served to the Internet.
  • Restrict zone transfers to authorized servers and disable them for everyone else.
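The second countermeasure is easy to state and easy to get wrong in a large configuration, because a zone with no `allow-transfer` of its own silently inherits the server default. The Python script below is an added example for this article, not code from the original page or from BIND itself: it audits BIND-style `named.conf` text for zones that permit transfers to `any` host or set no restriction at all, and shows the weak configuration next to a hardened one. The two configuration snippets and the server addresses in them are constructed; the parser understands only the subset of `named.conf` syntax they use (top-level `options` and `zone` blocks closed by `};` at the start of a line).

```python
"""Audit BIND-style zone definitions for unrestricted zone transfers.

Added example for this article, not taken from the original page or from BIND.
The two configurations are constructed; the parser handles only the subset of
named.conf syntax used here (top-level options/zone blocks closed by a line
starting with "};") and is not a complete named.conf parser.
"""
import re

# Weak: one zone allows AXFR from anyone, the other sets nothing and so
# inherits the server default, which in many BIND versions is also "any".
WEAK_CONF = """
options {
    directory "/var/named";
};
zone "example.com" {
    type master;
    file "example.com.zone";
    allow-transfer { any; };
};
zone "internal.example.com" {
    type master;
    file "internal.zone";
};
"""

# Hardened: transfers are off globally and re-enabled only for the named
# secondaries of each zone (addresses are constructed placeholders).
HARDENED_CONF = """
options {
    directory "/var/named";
    allow-transfer { none; };
};
zone "example.com" {
    type master;
    file "example.com.zone";
    allow-transfer { 198.51.100.2; 198.51.100.3; };
};
zone "internal.example.com" {
    type master;
    file "internal.zone";
    allow-transfer { 10.0.0.53; };
};
"""

BLOCK_RE = re.compile(r'(options|zone\s+"([^"]+)")\s*\{(.*?)\n\};', re.DOTALL)
TRANSFER_RE = re.compile(r"allow-transfer\s*\{([^}]*)\}")


def parse_transfer_acl(body):
    """Return the allow-transfer ACL entries of a block, or None if not set."""
    m = TRANSFER_RE.search(body)
    if not m:
        return None
    return [entry.strip() for entry in m.group(1).split(";") if entry.strip()]


def audit_zone_transfers(conf):
    """Return (zone, finding) pairs for zones whose effective allow-transfer
    ACL is missing or contains 'any'."""
    global_acl = None
    zones = {}
    for m in BLOCK_RE.finditer(conf):
        kind, name, body = m.group(1), m.group(2), m.group(3)
        if kind == "options":
            global_acl = parse_transfer_acl(body)
        else:
            zones[name] = parse_transfer_acl(body)

    findings = []
    for zone, acl in zones.items():
        effective = acl if acl is not None else global_acl   # zone overrides options
        if effective is None:
            findings.append((zone, "no allow-transfer set; falls back to the server default"))
        elif "any" in effective:
            findings.append((zone, "allow-transfer { any; } permits AXFR from every host"))
    return findings


if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(f"{label}: {audit_zone_transfers(conf) or 'no findings'}")
```

Setting `allow-transfer { none; };` in `options` and listing only the real secondaries per zone is the pattern the checker treats as clean; pairing it with TSIG-signed transfers is a further hardening step that the script does not check.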