In the previous article, we derived DNS names from a given domain. That returned hostnames that are, or were in the past, part of the domain's infrastructure.
Continuing Level 1 Network Footprint
In this article we look at the next step to map the Level 1 network footprint – deriving IP addresses from the hostnames as well as the netblock that these IP addresses belong to.
In each step of this process, we execute the Transform on the Output Entities of the previous Transform.
- Moving from DNS Names
The first step is to start with the DNS Names that we discussed in the previous post and run the Transform “To IP Address [DNS]” to discover IP addresses. This Transform resolves.
- Derive the Netblocks from IP Addresses
Then, we calculate the netblocks to which the IP addresses belong by using the Transform “To Netblock [Using natural boundaries]”. By default, this Transform divides the IP address space into blocks of 256 IP addresses and then returns the block into which the IP address falls. The size of the block can be changed through the Transform input (the little spanner icon right next to the name of the Transform in the Transform menu).
How Netblock Information Is Obtained
Netblock information can also be obtained from the routing updates issued through the Border Gateway Protocol (BGP) on the Internet backbone. The Transform “To Netblock [Using routing information]” uses this information to assign a netblock to a given IP address.
As with natural boundaries, we must keep a few assumptions in mind about the size and validity of the netblocks. The size and validity of the netblock associated with an IP address depend on the BGP routing view used by the Transform. This means that we can get a smaller (more specific) or a larger (less specific) netblock by using this Transform. Additionally, the size of the block might not reflect recent changes, because there is a delay in generating the routing views from BGP routing updates.
- Return the AS Number Owning the Netblocks
We now pivot on the netblocks that were returned to determine the Autonomous System (AS) that owns these blocks. This is done using the Transform “To AS Number”. This Transform returns the owner of a specific netblock by querying the Regional Internet Registry (RIR) databases.
- Finding Out the Owner of the AS Numbers
Finally, we determine the owner of the AS numbers by running the Transform “To Company [Owner]”. This Transform extracts the owner information of an AS from databases such as the RIR databases.
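The netblock and AS steps above, sketched offline as an added Python example (not code from the original article or from the Transforms themselves). The hostnames, private-range IP addresses, routing view and AS numbers are constructed sample data, and the function names are hypothetical.

```python
import ipaddress

# Constructed stand-in for the DNS-name-to-IP step (private addresses, no lookups).
RESOLVED = {
    "www.example.com": "10.20.30.10",
    "mail.example.com": "10.20.30.200",
    "vpn.example.com": "10.20.99.77",
}
# Constructed routing view: announced prefix -> origin AS (private-use ASNs).
ROUTING_VIEW = {
    "10.20.30.0/25": 64500,
    "10.20.0.0/16": 64501,
    "10.20.96.0/20": 64502,
}

def natural_netblock(ip, block_size=256):
    """Block of block_size addresses, aligned on a multiple of its own size."""
    if block_size <= 0 or block_size & (block_size - 1):
        raise ValueError("block_size must be a power of two")
    prefix_len = 32 - (block_size.bit_length() - 1)
    return ipaddress.ip_network(f"{ip}/{prefix_len}", strict=False)

def routed_netblock(ip, routing_view):
    """Longest-prefix match: the most specific announced prefix covering ip."""
    addr = ipaddress.ip_address(ip)
    matches = [(ipaddress.ip_network(p), asn) for p, asn in routing_view.items()
               if addr in ipaddress.ip_network(p)]
    # No covering prefix in this view means the address is unrouted here.
    return max(matches, key=lambda m: m[0].prefixlen, default=(None, None))

def footprint(resolved, routing_view, block_size=256):
    """Per hostname: IP, natural-boundary block, routed block and origin AS."""
    rows = {}
    for host, ip in resolved.items():
        net, asn = routed_netblock(ip, routing_view)
        rows[host] = {
            "ip": ip,
            "natural": str(natural_netblock(ip, block_size)),
            "routed": str(net) if net else None,
            "asn": asn,
        }
    return rows

if __name__ == "__main__":
    for host, row in footprint(RESOLVED, ROUTING_VIEW).items():
        print(host, row)
```

Here www and mail share one natural-boundary block but land in different routed netblocks with different origin AS numbers, which is the difference in specificity the routing-information method can introduce.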
Uncovering Internet Infrastructure By Conducting Level 1 Network Footprint
In this article we looked at how to obtain IP addresses, netblocks, AS numbers, and the AS owners. This, along with obtaining DNS hostnames from a domain name, constitutes a Level 1 network footprint. It gives us the Internet infrastructure used by the services that are offered under a domain name. As companies usually offer their services under their own company domain, this footprint maps the network that the company uses to provide its products or services.
If you’ve made it this far, you’re doing great! L1 footprinting is common in IT security, and performing the Transforms discussed in Part 1 and this blog post for new domains can be repetitive and tiring. This is why there is the L1 footprinting Machine.
Automate the level 1 network footprint with Machines
Machines are like macros that execute a fixed set of Transforms. Find out the basics of Machines and how to make them in this blog article.
All of the Transforms mentioned above can be run in the same order by using the Footprint L1 Machine. To run the Machine, select Machines and then Footprint L1 with your starting Domain Entity selected, and wait for the magic to complete.