2.2.9 Network Footprinting

Locate the Network Range

  • Network range information assists attackers to create a map of the target network.
  • Find the range of IP addresses using ARIN whois database search tool.
  • You can find the range of IP addresses and the subnet mask used by the target organization from Regional Internet Registry (RIR).

Traceroute (重要)

  • Traceroute programs work on the concept of ICMP protocol and use the TTL field in the header of ICMP packets to discover the rotuers on the path to a target host.
  • Manual traceroute: ping -i 1
  • UDP 33434-33534 Random
  • ICMP type3: Destination Unreachable
  • ICMP type11: Time Exceeded

Traceroute Analysis

  • Attackers conduct traceroute to extract information about: network topology, trusted routers, and firewall locations.
  • For example: after running several traceroutes, an attacker might obtain the following information:
    • traceroute 1.10.10.20, second to last hop is 1.10.10.1
    • traceroute 1.10.10.20, third to last hop is 1.10.10.1
    • traceroute 1.10.20.10, second to last hop is 1.10.10.50
    • traceroute 1.10.20.15, third to last hop is 1.10.10.1
    • traceroute 1.10.20.15, second to last hop is 1.10.10.50
  • By putting this information together, attackers can draw the network diagram.

Traceroute Tools

results matching ""

    No results matching ""