Reconnaissance In Virtual Space
An anonymous reader writes "Whitedust Security have released an interesting article discussing online reconnaissance techniques. From the article: 'Sometimes thirty-two bits are all you need. This is a guide to Internet reconnaissance - a guide to finding out as much as you can concerning a target via the Internet'."
There is very little here besides:
man nslookup
man whois
Try those commands for a more complete understanding of what's going on.
Jeez, I was hoping for something vaguely Kevin Mitnick, and instead I get Sam Spade. This may not be Intarweb 101, but it's maybe 102.
This next song is very sad. Please clap along. -- Robin Zander
Given that their current poll concerns a recent browser security controversy instead of an actual security issue, I would guess they are a company that was recently started by an amateur computer security consultant.
Actually, why does a security site even have a poll?
This is junk.
"You can do a traceroute, a dns lookup, and read public whois data!"
Then this stuff about how IP addresses are broken up into "classes" to ease routing.. err, no, they aren't.. though they used to be many, many years ago.
Also... * * * in a traceroute may indicate ICMP filtering, but more often indicates that rfc1518 private addresses were used on the links, which are then blocked elsewhere. Perfectly normal, and quite common.
Please stop posting articles which the majority of the Slashdot community find insulting to their intelligence.
Thank you.
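An added example, not part of the thread or the linked article: a small parser that sorts traceroute hops into answering public hops, hops in the private ranges 10/8, 172.16/12 and 192.168/16, and silent `* * *` hops, separating silent hops that still forwarded probes from a silent tail. It assumes the Linux `name (address)` output format; the sample output is constructed from documentation and private addresses, and the function and label names are made up for this illustration.

```python
import ipaddress
import re

# Private ranges checked here: 10/8, 172.16/12, 192.168/16.
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample output, not a real trace.
SAMPLE = """\
traceroute to 203.0.113.9 (203.0.113.9), 30 hops max, 40 byte packets
 1  192.0.2.1 (192.0.2.1)  0.499 ms  0.403 ms  0.411 ms
 2  10.20.0.1 (10.20.0.1)  0.623 ms  0.585 ms  0.558 ms
 3  * * *
 4  core1.example.net (198.51.100.5)  5.757 ms  core2.example.net (198.51.100.6)  5.717 ms  5.901 ms
 5  * * *
 6  * * *
 7  203.0.113.9 (203.0.113.9)  26.366 ms  26.389 ms  26.147 ms
"""

HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")                  # "<ttl>  <rest of line>"
ADDR_RE = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3})\)")     # "(a.b.c.d)"


def classify_hops(output):
    """Return [(ttl, kind, [addresses])] for every hop line in the output."""
    hops = []
    for line in output.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue  # header or blank line
        ttl, rest = int(m.group(1)), m.group(2)
        # A hop can answer from several addresses (load balancing); keep order.
        addrs = list(dict.fromkeys(ADDR_RE.findall(rest)))
        if not addrs:
            kind = "silent"
        elif any(ipaddress.ip_address(a) in net
                 for a in addrs for net in PRIVATE_NETS):
            kind = "private"
        else:
            kind = "public"
        hops.append((ttl, kind, addrs))
    # A silent hop with an answering hop after it still forwarded the probes;
    # only a silent run at the end leaves the rest of the path unknown.
    last_answer = max((i for i, h in enumerate(hops) if h[1] != "silent"),
                      default=-1)
    return [(t, ("silent-transit" if i < last_answer else "silent-tail")
             if k == "silent" else k, a)
            for i, (t, k, a) in enumerate(hops)]


if __name__ == "__main__":
    for ttl, kind, addrs in classify_hops(SAMPLE):
        print(ttl, kind, ", ".join(addrs) or "-")
```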
It's only an insult if it's not true.
I don't see how this made it to the front page of Slashdot? This is pretty much a "diet" version of "Tracking Spammers 101" from 5 years ago. In fact, I wonder if this is a txt file someone got from a BBS in 1993. This "paper" has plenty of flaws. Let's list them:
1. A practical guide to Internet reconnaissance.
Wrong. This isn't practical because it doesn't provide the investigator any useful information.
2. This is a guide to Internet reconnaissance - a guide to finding out as much as you can concerning a target via the Internet. Utilizing publicly available resources, we can quickly learn a good deal about a suspicious host, such as its service provider and originating country.
Wrong. This paper doesn't even mention the use of a certain wildly-popular search engine to see if other people are talking about the same host. This paper doesn't talk about using RadB, looking glasses, route servers or any other public resource that allows you to do a "fly-over" of your target.
3. Coupled with real-world knowledge, we can assess the threat posed by a would-be attacker and react accordingly.
What real world knowledge would that be? You can assess the threat by the source IP? Really? It's common knowledge that many times the attack source IP isn't really where the attacker is sitting. So that pretty much kills the point of this "paper" now doesn't it.
4. Along with a good idea of where to start, this requires some basic working knowledge of the Internet and the communication for which it provides.
Good. Basic working knowledge. So my mom is all primed to get started in a career in internet investigations. Super.
5. The Internet is a cloud.
Yeah I have Visio too. Nice.
6. Not literally, of course, but it is often pictured this way due to its vague nature. From the outside, it appears as a single entity, but from within it is impossible to determine its boundaries.
Oh dude, you like totally had me there for a second. Then you started sounding like Carl Sagan and I knew that you didn't REALLY mean cloud. Billions and billions of hosts....
7. The Internet is constantly changing, and there is no giant map to help us get a bearing on where we are. Instead, we rely on routed protocols - specifically IP - for transportation over and between networks.
IP? Ok thanks for letting all us Slashdotters know that the internet uses IP. This is breakthrough.
8. C:\>tracert 68.57.30.45
Jackass. Windows tracert uses ICMP. Welcome to the town of "Blocked Protocol" Population: You. Tracerouting from my Linux box sure makes a better read:
traceroute to pcp04991434pcs.benslm01.pa.comcast.net (68.57.30.45), 30 hops max, 40 byte packets
1 69.64.35.253 (69.64.35.253) 0.499 ms 0.403 ms 0.411 ms
2 ge-5-1.513.hsa1.StLouis1.Level3.net (63.208.32.161) 0.481 ms 0.511 ms 0.482 ms
3 so-6-1-0.mp2.StLouis1.Level3.net (64.159.4.141) 0.623 ms 0.585 ms 0.558 ms
4 ae-0-0.bbr1.Chicago1.Level3.net (64.159.1.33) 5.757 ms so-6-1-0.bbr2.Chicago1.Level3.net (64.159.0.58) 5.717 ms ae-0-0.bbr1.Chicago1.Level3.net (64.159.1.33) 5.901 ms
5 so-7-0-0.edge1.Chicago1.Level3.net (209.244.8.14) 5.893 ms 5.846 ms so-6-0-0.edge1.Chicago1.Level3.net (209.244.8.10) 5.892 ms
6 att-level3-oc48.Chicago1.Level3.net (209.0.227.78) 6.195 ms att-level3-oc48.Chicago1.Level3.net (4.68.127.166) 6.172 ms 6.180 ms
7 tbr1-p014001.cgcil.ip.att.net (12.123.6.34) 26.366 ms 26.389 ms 26.147 ms
8 tbr1-cl1.n54ny.ip.att.net (12.122.10.1) 26.708 ms 28.535 ms 26.476 ms
9 gar5-p300.n54ny.ip.att.net (12.123.3.9) 25.555 ms 25.656 ms 25.570 ms
10 12.118.149.10 (12.118.149.10) 26.228 ms 26.277 ms 26.293 ms
11 te-8-1-ar01.plainfield.nj.panjde.comcast.net (68.86.211.1) 26.560 ms 26.508 ms 26.629 ms
12 po80-ar01.audubon.nj.panjde.comcast.net (68.86.208.2) 29.842 ms 30.083 ms 29.921 ms
13 po10-ar01.wallingford.pa.panjde