Beginners’ Guide: Mapping a Basic Level Network Footprint
As discussed in the previous article, we extracted DNS names from a particular domain. That returned hostnames that are, or historically were, part of the domain’s infrastructure.
Level 1 Network Footprint, Continued
In this article we look at the next step in mapping the Level 1 network footprint, which is to determine the IP addresses for the hostnames as well as the netblocks that these IP addresses belong to.
At each step of this process, we run a Transform on the output Entities of the previous Transform.
1. Pivoting off DNS Names
The first step is to start with the DNS names we have from the previous article and run the Transform ‘To IP Address [DNS]’ to find their IP addresses. This Transform resolves the input Entity to IP addresses using DNS.
2. Deriving The Netblocks from IP Addresses
Then we calculate the netblocks that the IP addresses are part of by running the Transform ‘To Netblock [Using natural boundaries]’. By default, the Transform divides the IP address space into blocks of 256 IP addresses and returns the block that the given IP address fits into. The size of the block can be set through the Transform input (the little spanner icon right next to the Transform’s name in the Transform menu).
How is Netblock Information Obtained?
Netblock information can also be extracted from the routing updates published via the Border Gateway Protocol (BGP) on the Internet backbone. The Transform ‘To Netblock [Using routing info]’ makes use of this information to assign a netblock to an IP address.
As with natural boundaries, we have to make a few assumptions about the size and validity of the netblocks. The size and quality of the netblock returned for an IP address depend on the BGP routing view the Transform uses for its calculation. This means that we can receive a smaller (better-defined) or a larger (less accurate) netblock when using this Transform. Furthermore, the netblock might not reflect all recent changes, because routing views cannot be regenerated for every BGP routing update.
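To make the difference between the two netblock methods concrete, here is an added example (not the Transforms' own code) that computes both for the same IP addresses. It assumes a natural-boundary block is a size-aligned block of 256 addresses by default and that the routing-based lookup is a longest-prefix match; the function names, hostnames, addresses and routing view are constructed for illustration.

```python
import ipaddress

# Constructed sample data (documentation address ranges), not real routing data.
RESOLVED = {  # hostname -> IP, as the DNS-to-IP step would return
    "www.example.com": "198.51.100.17",
    "mail.example.com": "203.0.113.70",
    "vpn.example.com": "192.0.2.200",
}
ROUTING_VIEW = ["198.51.100.0/22", "203.0.113.0/24", "203.0.113.64/26", "192.0.2.0/24"]


def natural_netblock(ip, block_size=256):
    """Return the size-aligned block of `block_size` addresses containing `ip`."""
    addr = ipaddress.ip_address(ip)
    if block_size < 1 or block_size & (block_size - 1):
        raise ValueError("block_size must be a power of two")
    prefix_len = addr.max_prefixlen - (block_size.bit_length() - 1)
    if prefix_len < 0:
        raise ValueError("block_size exceeds the address space")
    return ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False)


def routed_netblock(ip, routing_view):
    """Longest-prefix match of `ip` against announced prefixes; None if unrouted."""
    addr = ipaddress.ip_address(ip)
    nets = (ipaddress.ip_network(p) for p in routing_view)
    return max((n for n in nets if addr in n), key=lambda n: n.prefixlen, default=None)


def compare(ip, routing_view, block_size=256):
    """Return (natural, routed, verdict) for one IP address."""
    natural = natural_netblock(ip, block_size)
    routed = routed_netblock(ip, routing_view)
    if routed is None:
        verdict = "unrouted"
    elif routed.prefixlen > natural.prefixlen:
        verdict = "routing view is narrower"
    elif routed.prefixlen < natural.prefixlen:
        verdict = "routing view is wider"
    else:
        verdict = "same"
    return natural, routed, verdict


if __name__ == "__main__":
    for host, ip in RESOLVED.items():
        natural, routed, verdict = compare(ip, ROUTING_VIEW)
        print(f"{host:18} {ip:15} natural={natural} routed={routed} ({verdict})")
```

When the two methods disagree, neither block is authoritative on its own; the registry lookup in the next step is what ties a block to an owner.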
3. Return the AS Number Owning the Netblocks
We now pivot on the returned netblocks to determine the Autonomous System (AS) that controls the blocks. For this we use the Transform ‘To AS Number’. This Transform looks up the owner of a particular netblock in the Regional Internet Registry (RIR) databases.
4. Identifying the Owner of the AS Numbers
Then we determine the owner of the AS numbers with the Transform ‘To Company [Owner]’. This Transform extracts the owner information of a particular AS from the RIR databases.
Uncovering Internet Infrastructure by Conducting a Level 1 Network Footprint
In this post we’ve discussed how you can derive IP addresses, netblocks, AS numbers, and AS owners. Together with deriving DNS hostnames from domain names, this creates a Level 1 network footprint. It reveals the Internet infrastructure used by the services that are offered under the domain name. Because companies generally offer their services under their company domain, this footprint shows the infrastructure the company uses to provide its products or services.
If you made it this far, congratulations! L1 footprinting is standard in IT security, and running the Transforms introduced in Part 1 and in this blog post on new domains is repetitive and tedious. That is why an L1 footprinting Machine is included.
Automate Level 1 Network Footprint with Machines
Machines are similar to macros that execute a fixed set of Transforms. Find out more about Machines and how to create them in this blog post.
All of the above Transforms can be executed in the same order by using the L1 footprint Machine. To run a Machine, select Machines >> Footprint L1 with your starting Domain Entity selected, and then let the magic happen.