Network Mapping Tools

social engineering hacking

Network Mapping Tools

When you're mapping out your network, you can search public databases and resources to see what the hackers know about you.

Whois

The best starting point is to perform a Whois lookup by using any one of the Whois tools available on the internet. Whois is the tool you've most likely used to check whether a particular Internet domain name is available.

For Ethical Hacking. Whois provides information that can give a hacker  a leg up to start a social-engineering attack or to scan your network:

• Internet domain-name information, such as contact names and addresses
• DNS servers responsible for your domain

You can look up Whois information at one of the following places:

• A domain registrar's site, such as www.networksolutions.com or www.registerfly.com.
• An ISP's tech-support page.

My favorite Whois tool is Sam Spade (www.samspade.org). You can use its web site or download its Windows-based tool, shown in next image.

You can run DNS queries directly from the site or download the site's Windows-based tool and run it from your PC. Sam Spade can

• Display general domain-registration information
• Show which host handles e-mail (the Mail Exchange or MX record) for a domain
• Determine whether the host is listed on some spam blacklists

 The following list runs down various lookup sites for other categories:

• Government: whois.nic.gov
• Military: whois.nic.mil
• AfriNIC: www.afrinic.org (energing Regional Internet Registry for Africa)
• APNIC: www.apnic.net/search/index.html (Regional Internet Registry for the Asia Pacific Region)
• ARIN: www.arin.net/whois/index.html (Region Internet Registry for North America, a portion of the Caribbean, and subequatorial Africa)
• LACNIC: Latin America and Caribbean Internet Addresses Registry www.lacnic.net
• RIPE Network Cordination Centre: www.ripe.net/db/whois/whois.html (Europe, central Asia, African countries north of the equator, and the Middle East)

Alldomains.com offers a reverse Whois service called D-Tective. This paid service finds specific Internet domains for a domain name, a phone number, or an address.

Google Groups

The Google Groups at groups.google.com can reveal surprising public network information. Serach for such information as your hostnames, IP addresses, and usernames. You can search hundreds of million of Usenet posts ack in 1981 for public and often very private information.

You might find some information such as the following that you didn't realize was beign made public:

• A tech-support oe similar message that divulges too much information about your systems. Many people who post messages to Usenet don't realize that their messages are shared with the world.
• Disgruntled employees or customers who have posted confidential information about your company.

A few years ago, I was helping some folks at an Internet startup company select a telephone service vendor. I searched Google Groups foe a vendor they were interested in and turned up some interesting information about the telephone service's network. Apparently, its network administrator had posted some messages to a tech-support site that revealed his full name and e-mail address, specific server names, IP addresses, and network configuration information of its internal systems. My customer used another vendor.

If you discover that confidential information is posted about your ompany, you may be able to get it removed. Check out the Google Groups help page at groups.google.com/googlegroups/help.html for details.

Privacy Policies

Check your Web site's privacy policy. A good practice is to disclose basic information about how user information is protected.

Make sure that the people writing provacy policies don't divulge details about your information-security infrastructure. An Internet startup businessman once contacted me about business oppotunities. During  the conversation, he was bragging about his company's security systems to ensure the privacy of client information. I went to his Web site to check out his privacy policy. He had posted the brand and model of firewall he was using. Not a good idea!