Mapping an introductory (Level 1.) Network Footprint

In the previous post In the last post, we calculated DNS names from a given domain. This returned hostnames that are, or have historically been an integral part of the domain’s infrastructure.

Continuing Level 1 Network Footprint

In this blog, we’ll look at the next step of mapping the level 1 footprint of the network – determining the IP addresses for the hostnames as well as the netblock that these IP addresses are part of.

Each step of this procedure, we execute the Transform on the output entities that were generated by the prior Transform.

  1. Switching from DNS Names

We start with the DNS Names we have from the previous article and then execute the Transform ‘To IP Address [DNS]’ to find IP addresses. This Transform resolves the input Entity using DNS to IP addresses.

  1. Derive The Netblocks using IP Addresses

Then, we determine the netblocks IP addresses are part of by running the Transform  to Netblock [Using natural boundariesto Netblock [Using natural boundaries]’. The Transform defaults to divide each IP address into blocks of 256 IP addresses. Then, it returns the block that the given IP address fits into. The block size can be changed in the Transform input (little spanner icon right next to the Transform’s name in the Transform menu).

How can Netblock Information Obtained?

Netblock information can be extracted from the routing updates issued through the Border Gateway Protocol (BGP) on the Internet backbone. The Transform  to Netblock [Using routing information]’ uses this information to assign a netblock an IP address.

Similar to nature’s boundaries we need to make a few assumptions regarding the size and the validity of netblocks. The size and the validity of the netblock that is associated with an IP address are determined by how the BGP routing view utilized in the Transform. Thus, we might receive a smaller (or greater precision) or a larger (less specific) netblock using this Transform. Moreover, the netblock size may not reflect all modifications that have recently been made to it due to a delay in generating the routing views based on BGP the routing update and protests myanmar netblocksfingasengadget.

  1. Return the AS Number Owning the Netblocks

Now we pivot on the netblocks that were returned to determine an Autonomous System (AS) which control the netblocks. We do this using the Transform ‘To AS number’. This Transform will reveal the owner of a given netblock by searching database of Regional Internet Registry (RIR) databases.

  1. Figuring Out the Owner of the AS Numbers

In the end, we find the owner of the returned AS numbers by running the Transform “To Company Owner”To Company [Owner]”. This Transform removes the owner information of a particular AS from databases like the RIR databases. 

Uncovering Internet Infrastructure By Conducting Level 1 Network Footprint

In this article we will look at how to derive IP addresses netblocks, AS numbers, and the AS owners. Together with deriving DNS hostnames from a domain name creates a Level 1 network footprint. It provides us with the Internet infrastructure that is used by the services that are offered under the domain name. Since most companies offer their services under their company domain name, this footprint depicts what infrastructure they use to deliver the services or products they offer.

If you reached this point you’re doing great! Footprinting using L1 is standard in IT security and performing the Transforms discussed in Part 1 and this blog post for brand new domains can be tedious and repetitive. So, Lncludes the L1 footprint machine.

Automate the Level 1 Network Footprint using the Machines

Machines are macros that execute a specific set of Transforms. Find out More about Machines and how you can create them in this blog post.

It is possible to have all of Transforms mentioned above executed in the same order when you run an L1-based footprinter. To run a machine select Machines & Footprint L1 with the Domain you want to start from Entity chosen, and wait for the magic to take place.

Leave a Reply

Your email address will not be published. Required fields are marked *