Rahul Jamgade
Information Technology
21 Feb 2018

Series on Information Security (Weekly) - Phases of Hacking - Part 10

Reconnaissance can be categorized into two types:

Active reconnaissance: The attacker interacts with the system through a ping sweep, port scanning, etc. This type of attack can be recognized easily because it generally hits the target system directly to gather information about it.

Ping sweep: An ICMP echo request is sent to a range of IP addresses to verify whether each system is alive. It can be done on multiple systems in one go.
DNS search/zone transfer: Collecting information about the different hostnames gives hints about the kind of services and information available on the servers.
whois information: One can collect information about the company from its DNS registration information, which can be retrieved using whois.

The regional internet registry database stores information for its particular region. The information it holds is listed below:
IP address ranges
Routing policies
Reverse DNS delegations
Network contact information

Port scanning: This helps identify the services that are running on a system, so as to find out which system is to be targeted.
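Because active reconnaissance hits the target directly, it leaves a pattern in network logs that a defender can look for. The following is an added example, not part of the original post: it flags a source that pings many hosts (ping sweep) or contacts many ports on one host (port scan). The log format, the sample lines and both thresholds are assumptions made for illustration, and no time window is applied.

```python
from collections import defaultdict

SWEEP_HOSTS = 4   # assumed threshold: distinct hosts pinged by one source
SCAN_PORTS = 5    # assumed threshold: distinct ports probed on one host

def build_sample_log():
    """Constructed log lines in an assumed 'time src dst proto detail' format."""
    lines = []
    for i in range(1, 6):   # one source pings five hosts: a ping sweep
        lines.append(f"2018-02-21T10:00:0{i} 203.0.113.7 192.0.2.{i} ICMP echo-request")
    for i, port in enumerate((21, 22, 23, 25, 80, 443)):  # six ports, one host
        lines.append(f"2018-02-21T10:01:0{i} 198.51.100.9 192.0.2.10 TCP {port}")
    lines.append("2018-02-21T10:02:00 192.0.2.50 192.0.2.1 ICMP echo-request")  # single ping
    lines.append("2018-02-21T10:02:05 192.0.2.51 192.0.2.10 TCP 443")  # normal web use
    lines.append("2018-02-21T10:02:09 192.0.2.51 192.0.2.10 TCP 443")
    return lines

def detect_active_recon(lines):
    """Return {source_ip: set of findings} for sources that look like active recon."""
    pinged = defaultdict(set)   # src -> hosts sent an ICMP echo request
    probed = defaultdict(set)   # (src, dst) -> TCP ports contacted
    for line in lines:
        parts = line.split()
        if len(parts) != 5:
            continue            # skip malformed lines
        _, src, dst, proto, detail = parts
        if proto == "ICMP" and detail == "echo-request":
            pinged[src].add(dst)
        elif proto == "TCP" and detail.isdigit():
            probed[(src, dst)].add(int(detail))
    findings = defaultdict(set)
    for src, hosts in pinged.items():
        if len(hosts) >= SWEEP_HOSTS:
            findings[src].add("ping sweep")
    for (src, _dst), ports in probed.items():
        if len(ports) >= SCAN_PORTS:
            findings[src].add("port scan")
    return dict(findings)

if __name__ == "__main__":
    for src, kinds in sorted(detect_active_recon(build_sample_log()).items()):
        print(src, sorted(kinds))
```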

Passive reconnaissance: The attacker uses techniques like social engineering, publicly available information and dumpster diving.

Social engineering: Making a legitimate user reveal information about the system. The information could be a password, a system IP address, the services running on the system, etc. This threat is more real in nature. Even with very good technical security such as a firewall, IDS and single sign-on in place, the more severe threat generally comes from information leakage through employees in the organization who unknowingly pass information to a hacker. Hence social engineering should be treated as a severe vulnerability. Calling a helpdesk person on a phone extension while posing as a legitimate employee and asking them to reset a password is a form of social engineering. Social engineering is more of an art and generally depends on soft skills. The countermeasure against social engineering attacks is training and education. Companies spend a lot of money and resources on technical safeguards to protect their information assets, and hence part of that money should also be spent on training people.

Publicly available information: Information that is available through public media; websites are one example. A company can post its requirements as part of a job posting. The posting generally reveals what kind of job requirement there is, e.g. the database vendor, the number of years of experience required, data mining, or what kind of post is vacant for web server deployment and administration and the level of expertise required. It also includes job postings for application servers, and the list goes on and on. You can use sites like wayback.archive.org or www.waybackmachine.org to collect back-dated information for a website. This helps to infer the technology the company uses.

Dumpster diving: Collecting information from garbage. One can get important information that a user has discarded, e.g. ATM receipts, or a password written on paper that was then crushed and thrown into a dustbin.
