FFootprinting... |
The Network Administrator |
Footprinting, as referred to in Hacking Exposed,
a book written by Stuart McClure, Joel Scambray and George Kurtz. They use this term to
describe peering into an organizations DNS server and pulling out the server names that
are associated to their corresponding IP Addresses. This method is of course, very
effective in discovering a company's e-mail and server naming convention. I myself have
used it many times when looking for server information or e-mail addresses. By using the
TCP/IP utility NSLOOKUP you may look up name server information; the e-mail address of the
administrator, the mail servers IP address, web server, and any other server listed. You
may also find any aliases such as; www, ftp and mail in the DNS server. Once, I even found
a routers password this way. Not all break-ins are malicious, I have masked my way through
many a system or network only to leave my wife a message to call me. It is important not
to name your computers what their functions are. For example; MainCashDatabase, would
probably not be a good idea. I use geeky names that can't be so easily associated with its
function. I once took over a network where my predecessor used a book of classical
composers to name their computers, so I had no choice but to continue this naming
convention. You must pick your naming convention carefully, too many computer people use
the same names; Names from Star Trek, Star Wars, Babylon 5 and the British like to use
names for a popular space satire called Red Dwarf.
I always hesitate answering young eager to be computer geeks when they ask how I did
something. Showing them how to use DNS and other everyday IP tools seems to take the magic
out of it for them and they always look disappointed. Some even say; "I could have
did that!" But they never do. A hacker is nothing more than someone that can utilize
everything he or she has learned to achieve whatever goal they are after. Okay, and
there's magic too.