Slashdot Mirror

← Back to Stories (view on slashdot.org)

Reconnaissance In Virtual Space

Posted by ryuzaki0 on from the weekend-project dept.

An anonymous reader writes "Whitedust Security have released an interesting article discussing online reconnaissance techniques. From the article: 'Sometimes thirty-two bits are all you need. This is a guide to Internet reconnaissance - a guide to finding out as much as you can concerning a target via the Internet'."

19 of 89 comments (clear)

  1. Virtual Space by ciroknight · · Score: 3, Funny

    What.. is Cyberspace no longer a valid buzzword???

    --
    "Victory means exit strategy, and it's important for the President to explain to us what the exit strategy is." G.W.Bush
    1. Re: Virtual Space by lightyear4 · · Score: 2, Funny

      Oh no, far from it. Cyberspace, however, is the world of yesterday. You see, in Virtual Space, reconnaissance is done in person, in the computer's world itself. Amidst towering circuitry, glowing with an eerie light, you race about upon futuristic wire-frame motorcycles, intent on bringing combat to the all-powerful Master Control Program which rules all. Good luck.

  2. Goodbye AMD by Nom+du+Keyboard · · Score: 4, Funny
    thirty-two bits are all you need.

    Well, there goes my need for AMD64.

    --
    "It's the height of ridiculousness to say for those 9 lines you get hundreds of millions."
    1. Re:Goodbye AMD by IdleTime · · Score: 2, Informative

      I, for one, is happy to have a 64-bit, twice as difficult ;-)

      The article is moronic and only discusses the ip-address, the easiest thing to hide if you really want to. I guess this would be a life-changing article if you don't know anything about networks, other than that, it's not worth the click.

      --
      If you mod me down, I *will* introduce you to my sister!
  3. 32 bits is all you need... by sokoban · · Score: 4, Funny

    if you want to catch a 2-bit crook

    --
    09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0 is the magic number.
  4. Using your personal website to pick up women by pHatidic · · Score: 4, Funny

    1) Enable webstats
    2) Look at who has been going to your website
    3) If someone from a college you have a (hot girl) friend at visits your site, use facebook to see if the hit is from the dormroom they are in
    4) If so, shoot them an email saying that you were thinking of them and asking how they are
    5) Wait until they write back and say, "what a coincidence, I was thinking of you too!"
    6) ????
    7) Profit!

    And the best thing is technically they're the one stalking you

    (exercepted from an article to be published on kuro5hin in the mysterious future on using your personal website to get pick up women)

    1. Re:Using your personal website to pick up women by i.r.id10t · · Score: 2, Funny

      To heck with email... I remember the shouts of "finger me!" across the halls... of course, it was typically a couple of guys, but there was the occasional hottie...

      --
      Don't blame me, I voted for Kodos
  5. And this would be reconnaissance? by giorgiofr · · Score: 4, Informative

    A guide to internet reconnaissance? WHERE? This is just an overview of the whois command! And it made the frontpage on /.
    How sad.

    --
    Global warming is a cube.
  6. little content by MJArrison · · Score: 5, Insightful

    There is very little here besides:

    man nslookup
    man whois

    Try those commands for a more complete understanding of what's going on.

  7. Reconnaissance!? by david+duncan+scott · · Score: 4, Insightful
    nslookup and whois? My God, is it legal to disseminate such critical information as this?

    Jeez, I was hoping for something vaguely Kevin Mitnick, and instead I get Sam Spade. This may not be Intarweb 101, but it's maybe 102.

    --

    This next song is very sad. Please clap along. -- Robin Zander

  8. Who is/are Whitedust Security? by CyricZ · · Score: 4, Interesting

    I haven't heard of Whitedust Security before. Who exactly are they? What are some notable accomplishments of this group in the field of computer security? Have they performed any other notable studies, or written any revolutionary papers?

    --
    Cyric Zndovzny at your service.
    1. Re:Who is/are Whitedust Security? by aster_ken · · Score: 3, Insightful

      Given that their current poll concerns a recent browser security controversy instead of an actual security issue, I would guess they are a company that was recently started by an amateur computer security consultant.

      Actually, why does a security site even have a poll?

    2. Re:Who is/are Whitedust Security? by twiddlingbits · · Score: 3, Funny

      These were the guys who used to be the heat for the Columbian Cocaine Cartel. Since the Columbian Goverment busted the cartel they branched out into the Internet security area. Why not, they are as qualifed as most of the consultants out there!

  9. DNS and whois? by slavemowgli · · Score: 3, Informative

    To sum up the article:

    1) You can use the DNS system to resolve IP addresses to hostnames, which may tell you something about the organisation they belong to.
    2) For more information, perform a whois query.

    That's news? Seriously, people, that's like saying that you can control your car with the help of this "steering wheel"...

    --
    quidquid latine dictum sit altum videtur.
  10. Junk article. by mindstrm · · Score: 2, Insightful

    This is junk.

    "You can do a traceroute, a dns lookup, and read public whois data!"

    Then this stuff about how IP addresses are broken up into "classes" to ease routing.. err, no, they aren't.. though they used to be many, many years ago.

    Also... * * * in a traceroute may indicate ICMP filtering, but more often indicates that rfc1518 private addresses were used on the links, which are then blocked elsewhere. Perfectly normal, and quite common.

  11. Oh, how perfect! by AutopsyReport · · Score: 2, Funny

    An article on how to hunt someone down on the Internet. A picture of a beautiful woman on top of the article with a transparent crosshair on her face. The article is submitted to a community of mostly-lonely geeks. God only know's what will happen now.

    --

    For he today that sheds his blood with me shall be my brother.

  12. Ok, put your tips below; here are mine by postbigbang · · Score: 2, Informative

    Yeah, the post was about as lame as they get. But here are a sample of some of my tricks:

    1) probe port 80 on the last few addresses you find, and if you get a web page out of there, look at the page source to see if there are other IPs to look up. Nothing like a badly configured chain to cough some more info from. Probe for other common ports at the end of the chain to see if there's a mail server there; maybe you can make it cough more data.

    2) do google or dogpile searches of the IP address, and both the dns names and reverse names; follow each hit until it ends somewhere. Always take notes.

    3) try to find email addresses through index engines using the various domain names, and also its NS records, MX records and anything else in DNS that might point to hidden servers in the route(s). Take notes.

    4) check various rbls, spamhaus, and so on to see if there are other complaints. Sometimes you can have fun.

    5) check any phone numbers; search on those, too. Heaven loves a toll-free # in a spam.

    And now, your tips?

    --
    ---- Teach Peace. It's Cheaper Than War.
  13. Welcome to 5 years ago by Anonymous Coward · · Score: 2, Insightful

    I don't see how this made it to the front page of Slashdot? This is pretty much a "diet" version of "Tracking Spammers 101" from 5 years ago. In fact, I wonder if this is a txt file someone got from a BBS in 1993. This "paper" has pleanty of flaws. Let's list them:

    1. A practical guide to Internet reconnaissance.

    Wrong. This isn't practical because it doesn't provide the investigator any useful information.

    2. This is a guide to Internet reconnaissance - a guide to finding out as much as you can concerning a target via the Internet. Utilizing publicly available resources, we can quickly learn a good deal about a suspicious host, such as its service provider and originating country.

    Wrong. This paper doesn't even mention the use of a certain wildly-popular search engine to see if other people are talking about the same host. This paper doesn't talk about using RadB, looking glasses, route servers or any other public resource that allows you to do a "fly-over" of your target.

    3. Coupled with real-world knowledge, we can assess the threat posed by a would-be attacker and react accordingly.

    What real world knowledge would that be? You can assess the threat by the source IP? Really? It's common knowledge that many times the attack source IP isn't really where the attacker is sitting. So that pretty much kills the point of this "paper" now doesn't it.

    4. Along with a good idea of where to start, this requires some basic working knowledge of the Internet and the communication for which it provides.

    Good. Basic working knowledge. So my mom is all primed to get started in a career in internet investigations. Super.

    5. The Internet is a cloud.

    Yeah I have Visio too. Nice.

    6. Not literally, of course, but it is often pictured this way due to its vague nature. From the outside, it appears as a single entity, but from within it is impossible to determine its boundaries.

    Oh dude, you like totally had me there for a second. Then you started sounding like Carl Sagan and I knew that you didn't REALLY mean cloud. Billions and billions of hosts....

    7. The Internet is constantly changing, and there is no giant map to help us get a bearing on where we are. Instead, we rely on routed protocols - specifically IP - for transportation over and between networks.
    IP? Ok thanks for letting all us Slashdotters know that the internet uses IP. This is breakthrough.

    8. C:\>tracert 68.57.30.45

    Jackass. Windows tracert uses ICMP. Welcome to the town of "Blocked Protocol" Population: You. Tracerouting from my linux box sure makes a better read:

    traceroute to pcp04991434pcs.benslm01.pa.comcast.net (68.57.30.45), 30 hops max, 40 byte packets
    1 69.64.35.253 (69.64.35.253) 0.499 ms 0.403 ms 0.411 ms
    2 ge-5-1.513.hsa1.StLouis1.Level3.net (63.208.32.161) 0.481 ms 0.511 ms 0.482 ms
    3 so-6-1-0.mp2.StLouis1.Level3.net (64.159.4.141) 0.623 ms 0.585 ms 0.558 ms
    4 ae-0-0.bbr1.Chicago1.Level3.net (64.159.1.33) 5.757 ms so-6-1-0.bbr2.Chicago1.Level3.net (64.159.0.58) 5.717 ms ae-0-0.bbr1.Chicago1.Level3.net (64.159.1.33) 5.901 ms
    5 so-7-0-0.edge1.Chicago1.Level3.net (209.244.8.14) 5.893 ms 5.846 ms so-6-0-0.edge1.Chicago1.Level3.net (209.244.8.10) 5.892 ms
    6 att-level3-oc48.Chicago1.Level3.net (209.0.227.78) 6.195 ms att-level3-oc48.Chicago1.Level3.net (4.68.127.166) 6.172 ms 6.180 ms
    7 tbr1-p014001.cgcil.ip.att.net (12.123.6.34) 26.366 ms 26.389 ms 26.147 ms
    8 tbr1-cl1.n54ny.ip.att.net (12.122.10.1) 26.708 ms 28.535 ms 26.476 ms
    9 gar5-p300.n54ny.ip.att.net (12.123.3.9) 25.555 ms 25.656 ms 25.570 ms
    10 12.118.149.10 (12.118.149.10) 26.228 ms 26.277 ms 26.293 ms
    11 te-8-1-ar01.plainfield.nj.panjde.comcast.net (68.86.211.1) 26.560 ms 26.508 ms 26.629 ms
    12 po80-ar01.audubon.nj.panjde.comcast.net (68.86.208.2) 29.842 ms 30.083 ms 29.921 ms
    13 po10-ar01.wallingford.pa.panjde

  14. For people who want high-tech, a fascinating book by Beryllium+Sphere(tm) · · Score: 3, Informative
    >And now, your tips?

    To triangulate the source of spoofed IP packets, to (theoretically) sniff a keyboard by recording TCP sequence numbers, and even how to build a distributed computer out of covert channels, see Michal Zalewski's Silence On The Wire. It's less practical than nslookup and whois but it's a glorious romp through the fun parts of information security. Read it for inspiration and to jar you into thinking outside the box.

    (Disclosure: I got a free review copy.)