In the previous post, we extracted DNS names from a specific domain. The result was a set of hostnames that are, or historically were, an integral part of the domain's infrastructure.
Continued Level 1 Network Footprint
In this article, we will look at the next step in mapping the Level 1 footprint of the network: determining the IP addresses of the hostnames as well as the netblocks that these IP addresses are part of.
At each step of the sequence, we run a Transform on the output Entities of the previous Transform.
Switching from DNS Names
Start with the DNS Names we have from the previous post, and run the Transform ‘To IP Address [DNS]’ to get IP addresses. The Transform resolves the input DNS name Entities to IP addresses.
Deriving the Netblocks using IP Addresses
Then, we determine the netblocks that the IP addresses belong to by using the Transform ‘To Netblock [Using natural boundaries]’. By default, the Transform divides the IP address space into blocks of 256 IP addresses and returns the block that the IP address falls into. The size of the block can be set using the Transform input (the little spanner icon beside the name of the Transform in the Transform menu).
How Is Netblock Information Obtained?
Netblock information can be found in the routing updates published through the Border Gateway Protocol (BGP) on the Internet backbone. The Transform ‘To Netblock [Using routing information]’ makes use of this information to assign an IP address to a netblock.
With natural boundaries, we have to make some assumptions about the size and validity of the netblocks. With the routing-information Transform, the size and validity of the netblock for an IP address are determined by which BGP routing view the Transform uses. So, we could receive a smaller (better-defined) or a larger (less exact) netblock using this Transform. Furthermore, the size of the netblock might not reflect all of the recent changes to it, because the routing views are not always regenerated from the latest BGP routing updates.
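The two netblock derivations described above, side by side, as an added Python example that is not the Transforms' own code. The function names, the routing view, the addresses (benchmarking and documentation ranges) and the AS numbers (documentation range) are all constructed for illustration.

```python
import ipaddress

# Constructed routing view: (announced prefix, origin AS). Not real BGP data.
ROUTING_VIEW = [
    ("198.18.0.0/16", 64496),
    ("198.18.4.0/22", 64497),
    ("198.19.7.128/25", 64498),
]

def natural_netblock(ip, block_size=256):
    """Natural boundaries: the aligned block of block_size addresses holding ip."""
    if block_size < 1 or block_size & (block_size - 1):
        raise ValueError("block_size must be a power of two")
    addr = ipaddress.ip_address(ip)
    prefix_len = addr.max_prefixlen - (block_size.bit_length() - 1)
    return ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False)

def routed_netblock(ip, routing_view):
    """Routing information: longest-prefix match against announced prefixes."""
    addr = ipaddress.ip_address(ip)
    best = None
    for prefix, origin_as in routing_view:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, origin_as)
    return best  # None when no announcement in this view covers the address

def footprint(ips, routing_view, block_size=256):
    """Return (ip, natural block, routed block, origin AS) for each address."""
    rows = []
    for ip in ips:
        natural = natural_netblock(ip, block_size)
        routed = routed_netblock(ip, routing_view)
        rows.append((ip, str(natural),
                     str(routed[0]) if routed else None,
                     routed[1] if routed else None))
    return rows

if __name__ == "__main__":
    sample = ["198.18.5.10", "198.19.7.200", "198.18.200.1", "203.0.113.9"]
    for row in footprint(sample, ROUTING_VIEW):
        print(row)
```

The natural block is always the same assumed size, while the routed block can come out larger (a /22), smaller (a /25) or missing entirely, depending on what the chosen routing view contains.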
Return the AS number that owns the Netblocks
We then pivot on the returned netblocks to determine the Autonomous System (AS) that owns them. To do this, we use the Transform ‘To AS numbers’. This Transform reveals the owner of a particular netblock by searching the Regional Internet Registry (RIR) databases.
Identifying the owner of the AS Numbers
Then, we determine who owns the AS numbers by using the Transform ‘To Company [Owner]’. This Transform retrieves the owner information of an AS from databases such as the RIR databases.
Uncovering Internet Infrastructure By Conducting Level 1 Network Footprint
In this article, we looked at how to obtain IP addresses, netblocks, AS numbers, and the AS owners. This, along with obtaining DNS hostnames from domain names, creates a Level 1 network footprint. It reveals the Internet infrastructure used by the services offered under the domain name. Since companies typically provide their services under their own company domain, this footprint shows the network that the company uses to deliver its products or services.
If you’ve made it this far, you’re doing great! L1 footprinting is standard in IT security, and running the Transforms described in Part 1 and this blog post on new domains can be tedious and repetitive. This is why the tool is equipped with the L1 footprinting Machine.
Automate the Level 1 Network Footprint using Machines
Machines are macros that perform a set of Transforms. Find out the basics of Machines and how to build them in this blog article.
When you run the Footprint L1 Machine, all of the Transforms mentioned above are executed in the same order. To run the Machine, select the Domain Entity you want to start from, choose Machines > Footprint L1, and let the magic happen.