Footprinting

From ArticleWorld


Footprinting is a technique by which information about computer systems is gathered by hackers in order to exploit security flaws.

Footprinting is carried out with various network-based techniques. Hackers often target the Domain Name System (DNS), the Internet Protocol (IP) and firewalls to gain vital information. Organizations often carry out the same techniques themselves in order to gauge their vulnerability to hackers. The following passages describe two of the most important methods used in footprinting.

Ping sweeps

A ping sweep, also called an ICMP sweep, is a basic network scanning technique used to ascertain which IP addresses map to live computers. The ping sweep is among the older and slower techniques for scanning networks.

A range of IP addresses is scanned in order to achieve this purpose. With a single ping, it is possible to determine whether a specified host computer exists on a certain network. However, when a ping sweep is executed, ICMP (Internet Control Message Protocol) ECHO requests are sent to multiple hosts. In the event that a certain address happens to be live, it will return an ICMP ECHO reply. Network administrators can block ICMP ECHO requests from external sources with the aim of disabling ping sweeps on a network.
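Where ICMP ECHO cannot be blocked outright, the same pattern can be detected: one source sending ECHO requests to many different addresses in a short time. The following Python sketch is an added example, not part of the original article; the log format, the sample lines and the thresholds are all constructed assumptions, and the lines are assumed to be in time order.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in an assumed firewall-log format (not a real product's).
SAMPLE_LOG = """\
2024-05-01T10:00:00 ICMP type=8 src=203.0.113.7 dst=192.0.2.1
2024-05-01T10:00:01 ICMP type=8 src=203.0.113.7 dst=192.0.2.2
2024-05-01T10:00:01 ICMP type=0 src=192.0.2.2 dst=203.0.113.7
2024-05-01T10:00:02 ICMP type=8 src=203.0.113.7 dst=192.0.2.3
2024-05-01T10:00:02 ICMP type=8 src=198.51.100.20 dst=192.0.2.10
2024-05-01T10:00:03 ICMP type=8 src=203.0.113.7 dst=192.0.2.4
2024-05-01T10:00:03 ICMP type=8 src=198.51.100.20 dst=192.0.2.10
2024-05-01T10:00:04 ICMP type=8 src=203.0.113.7 dst=192.0.2.5
2024-05-01T10:00:04 ICMP type=8 src=198.51.100.20 dst=192.0.2.10
2024-05-01T10:00:05 ICMP type=8 src=203.0.113.7 dst=192.0.2.6
2024-05-01T10:05:00 ICMP type=8 src=198.51.100.30 dst=192.0.2.1
2024-05-01T10:10:00 ICMP type=8 src=198.51.100.30 dst=192.0.2.2
"""

LINE_RE = re.compile(r"^(\S+) ICMP type=(\d+) src=(\S+) dst=(\S+)$")

def detect_ping_sweeps(log_text, min_targets=5, window_seconds=10):
    """Map each flagged source IP to the largest number of distinct
    destinations it sent ECHO requests to within one sliding window."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)          # src -> (timestamp, dst) inside the window
    flagged = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue                     # skip lines that are not in the assumed format
        ts_raw, icmp_type, src, dst = m.groups()
        if icmp_type != "8":             # 8 = ECHO request; replies (type 0) are ignored
            continue
        ts = datetime.fromisoformat(ts_raw)
        q = recent[src]
        q.append((ts, dst))
        while ts - q[0][0] > window:     # drop requests older than the window
            q.popleft()
        distinct = len({d for _, d in q})
        if distinct >= min_targets:      # repeated pings to one host never reach this
            flagged[src] = max(flagged.get(src, 0), distinct)
    return flagged

if __name__ == "__main__":
    print(detect_ping_sweeps(SAMPLE_LOG))
```

Counting distinct destinations rather than packets keeps a monitoring host that pings one address repeatedly (198.51.100.20 in the sample) from being flagged. A short window only sees bursts, so the same function is worth running a second time with a longer `window_seconds`.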

Tools for carrying out the ping sweep

Unix systems use tools such as fping, gping and nmap. For Windows-based systems, the Pinger software from Rhino9 and Ping Sweep from SolarWinds are used to carry out this technique. It is possible for both these Windows-based utilities to send multiple packets simultaneously and permit the user to resolve host names and create a log of the output to a file.

TCP/UDP scan

Hackers often use port scanners to determine which hosts are alive on the Internet, which Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) ports are listening on each system, and which operating system is installed on the host. Security mechanisms between the attacker and the potential victim can be determined with the help of traceroutes. A TCP scan can be carried out by a regular user, but in order to do the UDP scan, the user must be logged in as a root user.

A command-line tool called nslookup, which works in Windows NT and XP, can be used to perform DNS queries to extract addresses. After the port scanning and trace routing are completed, the attacker can draw up a network map that represents the victim's Internet footprint.

Protection from footprinting

  1. Sensitive information that has the potential to be exploited by hackers should be placed offline.
  2. A ping sweep should be run on the organization's network to reveal any vulnerabilities.
  3. Patches for the computer systems should be regularly updated in order to protect them from intruders.
  4. Unnecessary services or ports should be shut down to prevent illegal entry.
  5. Administrators should use strong passwords to protect and safeguard access to their systems.