Mapping the Network
By this point the hacker has gathered enough
information to map the network. Mapping the network gives the hacker a
blueprint of the organization. There are manual and automated ways to compile
this information; both are discussed in the following sections.
If you have been documenting findings,
the matrix you began at the start of this chapter should be overflowing with
information. This matrix should now contain domain name information, IP
addresses, DNS servers, employee info, company location, phone numbers, yearly
earnings, recently acquired organizations, email
addresses, the publicly available IP address range, open ports, wireless access
points, modem lines, and banner details.
If you prefer a more automated method of
mapping the network, a variety of tools are available. Visual traceroute
programs, such as NeoTrace and Visual Route, are one option. Running traceroute
to different servers, such as web, email, and FTP, can help you map out the
placement of these servers: the hops the paths share show the route to the
organization's edge, and targets that sit behind the same final router are
probably on the same segment. Automated mapping can be faster, but it can also
produce erroneous results (a hop that does not answer, load-balanced paths, or
a firewall that drops the probes can all mislead a tool), so verify what it
draws against your manual findings.
When Your Traceroutes Led to the Middle of the Atlantic Ocean
Not quite the middle of the ocean:
the self-declared country of Sealand is a platform of concrete and steel about
six miles off the coast of England, in the North Sea. It was built during World
War II as an anti-aircraft platform and later abandoned; its occupants declared
it an independent country in 1967. Sealand has hosted a data haven that
advertises non-traceable network services and claims to run the world's most
secure managed servers. The argument is that, because Sealand is its own
country, servers located there are exempt from government subpoenas and from
search and seizure of equipment or data. Note that no government recognizes
Sealand's sovereignty, so that exemption is a claim rather than settled law. Some
might see this as ultimate privacy, whereas others might interpret it as a
haven for illegal activities.
NLog is one option for keeping track of
your scanning and mapping information. NLog allows you to automate and track
the results of your nmap scans. It keeps all of your nmap scan
logs in a database, making it easy to search for specific entries.
It is browser based, so you can view
the scan logs in a highly customizable format. You can add your own extension
scripts for different services, so every host running a given service gets
a hyperlink to the extension script for that service.
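The core of what NLog does, loading nmap results into a database so that you can ask "which hosts run service X?", can be reproduced in a few dozen lines. The following is an added example written for this page, not NLog's own code: it parses nmap's grepable (-oG) output into SQLite and queries it by service. The scan lines, hostnames and addresses are constructed for the example (RFC 5737 documentation ranges) and the table layout is my own choice.

```python
"""Keep nmap grepable (-oG) scan logs in a searchable SQLite database.

Added example in the spirit of NLog; not NLog's own code. The scan output
below is constructed and uses documentation addresses (RFC 5737) only.
"""
import re
import sqlite3

# Constructed -oG output. Fields on a Host line are tab separated; each port
# entry is port/state/protocol/owner/service/rpc-info/version/.
SAMPLE_GNMAP = """# Nmap 7.94 scan initiated Mon Jan  1 10:00:00 2024 as: nmap -sV -oG scan.gnmap 203.0.113.0/28
Host: 203.0.113.10 (www.example.com)\tStatus: Up
Host: 203.0.113.10 (www.example.com)\tPorts: 22/open/tcp//ssh//OpenSSH 8.9/, 80/open/tcp//http//Apache httpd 2.4.52/, 443/open/tcp//http//Apache httpd 2.4.52/\tIgnored State: closed (997)
Host: 203.0.113.25 (mail.example.com)\tStatus: Up
Host: 203.0.113.25 (mail.example.com)\tPorts: 25/open/tcp//smtp//Postfix smtpd/, 22/open/tcp//ssh//OpenSSH 8.9/, 143/filtered/tcp//imap///\tIgnored State: closed (997)
Host: 203.0.113.30 ()\tStatus: Down
# Nmap done at Mon Jan  1 10:02:13 2024 -- 16 IP addresses (2 hosts up) scanned in 133.04 seconds
"""

HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)\t(.*)$")


def parse_gnmap(text):
    """Return (ip, hostname, port, proto, state, service, version) tuples."""
    rows = []
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:                      # comments and the Nmap done line
            continue
        ip, hostname, rest = m.groups()
        for field in rest.split("\t"):
            if not field.startswith("Ports: "):
                continue               # Status: lines carry no ports
            for entry in field[len("Ports: "):].split(", "):
                # Split into at most 7 parts so a '/' in the trailing version
                # field cannot shift the columns; strip the terminating '/'.
                parts = entry.split("/", 6)
                if len(parts) != 7:
                    continue
                port, state, proto, _owner, service, _rpc, version = parts
                rows.append((ip, hostname, int(port), proto, state,
                             service, version.rstrip("/")))
    return rows


SCHEMA = """
CREATE TABLE IF NOT EXISTS scans (id INTEGER PRIMARY KEY, label TEXT);
CREATE TABLE IF NOT EXISTS ports (
    scan_id INTEGER, ip TEXT, hostname TEXT, port INTEGER, proto TEXT,
    state TEXT, service TEXT, version TEXT);
"""


def load_scan(conn, label, text):
    """Store one scan's port findings; returns the scan's row id."""
    conn.executescript(SCHEMA)
    scan_id = conn.execute("INSERT INTO scans (label) VALUES (?)",
                           (label,)).lastrowid
    conn.executemany("INSERT INTO ports VALUES (?, ?, ?, ?, ?, ?, ?, ?)",
                     [(scan_id, *row) for row in parse_gnmap(text)])
    conn.commit()
    return scan_id


def hosts_running(conn, service, state="open"):
    """Every host with a port in the given state whose service matched."""
    return [r[0] for r in conn.execute(
        "SELECT DISTINCT ip FROM ports WHERE service = ? AND state = ? "
        "ORDER BY ip", (service, state))]


def open_ports(conn, ip):
    """Open port numbers recorded for one host, ascending."""
    return [r[0] for r in conn.execute(
        "SELECT port FROM ports WHERE ip = ? AND state = 'open' ORDER BY port",
        (ip,))]


def build_demo_db():
    """In-memory database loaded with the constructed sample scan."""
    conn = sqlite3.connect(":memory:")
    load_scan(conn, "constructed sample", SAMPLE_GNMAP)
    return conn


if __name__ == "__main__":
    db = build_demo_db()
    print("ssh hosts:", hosts_running(db, "ssh"))
    print("open on 203.0.113.25:", open_ports(db, "203.0.113.25"))
```

Loading every scan into the same file-backed database (replace `:memory:` with a path) gives you what the matrix from earlier in the chapter does by hand: one place to ask which hosts exposed a service, and, by comparing `scan_id` values, which ports appeared or disappeared between runs.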
Cheops is another network mapping
option. If run from the Internet, the tool is limited to devices that it
can contact, which will most likely be devices within the demilitarized zone (DMZ).
Run internally, it will diagram a large portion of the network. In the hands of
a hacker, it is a powerful tool: it uses
routines taken from a variety of other tools, which allow it to perform OS
detection, port scans for service detection, and network mapping using common traceroute
techniques. Linux users can download it from www.marko.net/cheops.
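The traceroute-based mapping that the visual traceroute programs above and Cheops both perform comes down to comparing the paths to several targets. The following is an added example written for this page, not code from either tool: it parses traceroute output for a web, mail and FTP server, extracts the path they share (the route to the organization's edge) and groups the targets by the router in front of them. The traceroute output, hostnames and addresses are constructed for the example (RFC 5737 documentation ranges); the hop-line format assumed is the one Linux traceroute prints.

```python
"""Infer server placement from several traceroutes.

Added example, not code from the original page or from any mapping tool.
The traceroute output below is constructed; addresses are RFC 5737
documentation ranges and carry no real-world meaning.
"""
import re
from collections import defaultdict

SAMPLE_TRACES = {
    "www.example.com": """traceroute to www.example.com (203.0.113.10), 30 hops max
 1  192.0.2.1 (192.0.2.1)  1.1 ms
 2  198.51.100.1 (198.51.100.1)  8.2 ms
 3  198.51.100.9 (198.51.100.9)  12.0 ms
 4  203.0.113.1 (203.0.113.1)  15.4 ms
 5  203.0.113.10 (203.0.113.10)  16.0 ms
""",
    "mail.example.com": """traceroute to mail.example.com (203.0.113.25), 30 hops max
 1  192.0.2.1 (192.0.2.1)  1.0 ms
 2  198.51.100.1 (198.51.100.1)  8.0 ms
 3  198.51.100.9 (198.51.100.9)  12.3 ms
 4  203.0.113.1 (203.0.113.1)  15.1 ms
 5  203.0.113.25 (203.0.113.25)  16.2 ms
""",
    "ftp.example.com": """traceroute to ftp.example.com (203.0.113.130), 30 hops max
 1  192.0.2.1 (192.0.2.1)  1.2 ms
 2  198.51.100.1 (198.51.100.1)  8.1 ms
 3  198.51.100.9 (198.51.100.9)  12.1 ms
 4  203.0.113.1 (203.0.113.1)  15.0 ms
 5  203.0.113.129 (203.0.113.129)  17.8 ms
 6  203.0.113.130 (203.0.113.130)  18.5 ms
""",
}

# A hop line is "<n>  <name> (<ip>)  <rtt> ms" or "<n>  * * *" when nothing
# answered (a filtered hop: exactly the case that misleads automated mappers).
HOP_RE = re.compile(r"^\s*(\d+)\s+(?:(\S+)\s+\((\d+\.\d+\.\d+\.\d+)\)|(\*))")


def parse_trace(text):
    """Ordered hop addresses for one trace; '*' marks a non-responding hop."""
    hops = []
    for line in text.splitlines()[1:]:      # skip the 'traceroute to ...' header
        m = HOP_RE.match(line)
        if m:
            hops.append(m.group(3) if m.group(3) else "*")
    return hops


def common_path(traces):
    """Hops shared by every trace, in order: the route to the organization's edge.

    Stops at the first hop where the paths diverge or where any trace has a
    silent hop, since a '*' cannot be matched against anything.
    """
    paths = [parse_trace(t) for t in traces.values()]
    shared = []
    for hop_set in zip(*paths):
        if len(set(hop_set)) == 1 and hop_set[0] != "*":
            shared.append(hop_set[0])
        else:
            break
    return shared


def group_by_segment(traces):
    """Map each fronting router (the hop before the target) to its targets.

    Targets behind the same last router are probably on the same segment,
    e.g. the same DMZ; a different last router suggests a separate segment.
    """
    segments = defaultdict(list)
    for name, text in traces.items():
        hops = parse_trace(text)
        front = hops[-2] if len(hops) >= 2 else None
        segments[front].append(name)
    return dict(segments)


if __name__ == "__main__":
    print("shared path:", " -> ".join(common_path(SAMPLE_TRACES)))
    for router, targets in group_by_segment(SAMPLE_TRACES).items():
        print(f"behind {router}: {', '.join(targets)}")
```

On the constructed data the web and mail servers sit directly behind 203.0.113.1 while the FTP server is one router further in, which is the kind of placement detail an external scan can recover; anything past the hosts that answer from the Internet (the DMZ, in the terms used above) stays invisible until the same technique is run from inside.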