What is Footprinting?
Footprinting is the technique of collecting as much information as possible about a targeted network, victim, or system. It helps attackers in various ways to intrude into an organization's systems, and it also reveals the security posture of the target. Footprinting can be active or passive. Passive (also called pseudonymous) footprinting collects data without the owner knowing that it is being gathered. In contrast, active footprints are created when personal data is released consciously and intentionally, or through direct contact with the owner.
Sub-branches of Footprinting
- Open-source footprinting
- Network-based footprinting
- DNS interrogation
Open-source footprinting is the safest type: it stays within all legal limits, and hackers can perform it without fear because it is legal, hence the term open-source. Examples include finding someone's email address and phone numbers, scanning IP addresses with automated tools, and searching for age, date of birth, home address, etc. Most companies publish information about themselves on their official website without realizing that hackers can take advantage of it.
Network-based footprinting lets hackers retrieve information such as user names, information shared within a group, data shared among individuals, network services, etc.
In DNS interrogation, after gathering information from the other areas using various techniques, the hacker queries the DNS using pre-existing tools. Many freeware tools are available online to perform DNS interrogation.
Tools, Tricks, and Techniques for Information Gathering
- Whois is a renowned Internet record-listing service used to identify who owns a domain or who registered it, along with their contact details. The Internet Corporation for Assigned Names and Numbers (ICANN) regulates domain registration and ownership details. Whois records have proven extraordinarily beneficial and have become an essential resource for maintaining the integrity of the domain name registration and website ownership process.
- Harvester is also an information-gathering tool that helps you extract a particular target's email addresses and subdomains. Harvester is a simple Python script that searches for information in major search engines such as Google, Yahoo, Bing, and many more.
- Metagoofil is another information-gathering or footprinting tool used to extract information or data belonging to the company that is publicly available on the internet.
- Netifera is a potent tool that provides a complete platform for gathering information about the targeted website. It is a free tool that comes built into the BackTrack Linux OS. It reports information such as IP addresses, the programming language used to develop the website, the number of websites hosted, and DNS details.
- OS identification involves sending malformed (protocol-violating) TCP (Transmission Control Protocol) or ICMP (Internet Control Message Protocol) packets to the victim's system to identify the operating system (OS) used on the victim's server or computer.
- A ping sweep probes a range of IP addresses to determine which ones map to live hosts. Fping, Nmap, Zenmap, ICMPEnum, and SuperScan are some of the tools used to ping a large number of IP addresses at a time and generate lists of live hosts for large subnets.
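A ping sweep is also easy to spot from the defender's side, because one source touches many destinations in a short time. The following is an added example (not code from the original page or from any of the tools listed above) that runs a sliding-window detector over constructed firewall log lines; the log format, the 60-second window, and the threshold of 8 distinct hosts are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed firewall log lines: one source probes 12 addresses in 12 seconds
# (a sweep); another pings a single host every 30 seconds (benign monitoring).
SAMPLE_LOG = [
    f"2024-05-01T09:00:{i:02d} ICMP echo-request src=203.0.113.5 dst=192.0.2.{i + 1}"
    for i in range(12)
] + [
    "2024-05-01T09:00:03 ICMP echo-request src=198.51.100.7 dst=192.0.2.50",
    "2024-05-01T09:00:33 ICMP echo-request src=198.51.100.7 dst=192.0.2.50",
    "2024-05-01T09:01:03 ICMP echo-request src=198.51.100.7 dst=192.0.2.50",
    "2024-05-01T09:01:10 TCP syn src=198.51.100.7 dst=192.0.2.50 dpt=443",
]

# Assumed log format; adapt the pattern to the firewall actually in use.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) ICMP echo-request src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+)$"
)

def parse_line(line):
    """Return (timestamp, src, dst) for an ICMP echo-request line, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return datetime.fromisoformat(m["ts"]), m["src"], m["dst"]

def detect_ping_sweeps(lines, min_hosts=8, window=timedelta(seconds=60)):
    """Return {source_ip: max_distinct_targets} for every source that sent
    echo requests to at least min_hosts distinct destinations within `window`."""
    events = defaultdict(list)
    for line in lines:
        parsed = parse_line(line)
        if parsed:
            ts, src, dst = parsed
            events[src].append((ts, dst))
    sweeps = {}
    for src, evs in events.items():
        evs.sort()  # sliding window over time-ordered events
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1
            distinct = len({dst for _, dst in evs[start:end + 1]})
            if distinct >= min_hosts:
                sweeps[src] = max(sweeps.get(src, 0), distinct)
    return sweeps
```

Only the source that reached 12 distinct hosts is reported; the repeated pings to one host and the TCP line are ignored.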
Information can also be gathered from other sources, such as social networking sites (Facebook, Twitter, LinkedIn, etc.), where users share their personal data and related information. Search engines also play a significant role in information gathering.
Hackers can also gather information from various financial services about a target company, such as the market value of a company's shares, company profile, competitor details, etc.
Hackers can also collect information from the email header, which includes:
- Address from which the message was sent.
- Sender's email server.
- Sender's IP address.
- Date and time received by the originator's email server.
- Authentication system used by the sender's mail server.
- Sender's full name.
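The fields listed above can be pulled out of a raw message programmatically, which is how a mail-security team triages suspicious mail. This is an added example, not code from the original page: it uses Python's standard `email` module on a constructed header set, and takes the last `Received:` header as the hop added by the sender's own mail server (the sender's IP is the bracketed address in that hop, and the timestamp after the `;` is when that server accepted the message).

```python
import email
import re
from email.utils import parseaddr

# Constructed message headers (not a real email); the last Received: header is
# the one added by the first server that accepted the message from the sender.
SAMPLE_MESSAGE = """\
Received: from mx.example.org (mx.example.org [198.51.100.20])
 by inbox.example.net with ESMTPS; Wed, 01 May 2024 09:05:12 +0000
Received: from sender-host (client.example.org [203.0.113.42])
 by mx.example.org with ESMTPSA; Wed, 01 May 2024 09:05:10 +0000
Authentication-Results: inbox.example.net;
 spf=pass smtp.mailfrom=example.org; dkim=pass header.d=example.org
From: Jane Doe <jane.doe@example.org>
To: alice@example.net
Date: Wed, 01 May 2024 09:05:09 +0000
Subject: Quarterly report

Body text.
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_RE = re.compile(r"\bby\s+(\S+)")

def _auth_result(auth_header, method):
    """Return the result ('pass', 'fail', ...) recorded for spf/dkim, if any."""
    m = re.search(rf"\b{method}=(\w+)", auth_header)
    return m.group(1) if m else None

def summarize_headers(raw_message):
    """Pull the header fields listed above out of a raw RFC 5322 message."""
    msg = email.message_from_string(raw_message)
    # Collapse folded header lines so the regexes see one line per hop.
    hops = [" ".join(r.split()) for r in msg.get_all("Received", [])]
    origin = hops[-1] if hops else ""
    sender_name, sender_addr = parseaddr(msg.get("From", ""))
    ip = IP_RE.search(origin)
    server = BY_RE.search(origin)
    auth = msg.get("Authentication-Results", "")
    return {
        "from_address": sender_addr,
        "sender_name": sender_name,
        "sender_server": server.group(1) if server else None,
        "sender_ip": ip.group(1) if ip else None,
        "received_at_sender_server": origin.rsplit(";", 1)[1].strip() if ";" in origin else None,
        "spf": _auth_result(auth, "spf"),
        "dkim": _auth_result(auth, "dkim"),
        "hops": len(hops),
    }
```

A mismatch between the `From:` domain and the SPF/DKIM results, or an origin hop from an unexpected network, is what makes this summary useful when reviewing a phishing report.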
Objectives of Footprinting
- Collect network information: such as domain names, internal domain names, IP addresses of reachable systems, rogue/private websites within the domain, access control mechanisms, protocols used, existing VPNs, analog and digital telephone numbers, authentication mechanisms, and system enumeration.
- Collect system information: such as user and group names, system banners, routing tables and the routing protocols in use, SNMP information, system architecture, operating system, remote system type, usernames, and passwords.
- Collect organization information: such as employee details, the organization's website, company directory, location details, addresses and phone numbers, comments in the HTML source code of the organization's website, security policies implemented, web server links relevant to the organization, news articles, and press releases.
Countermeasures Against Footprinting
- Classify which types of information need to be public and keep everything else private.
- Don't put unnecessary information into any profile, social networking account, or website.
- Don't list personal contact numbers in any company or organization's phone book, to prevent war-dialing.
Countermeasures Against DNS Interrogation
- Keep internal DNS and external DNS separate.
- Restrict zone transfers to authorized secondary servers only, or disable them entirely.