In the previous post, we extracted DNS names from a specific domain. It returned hostnames that are, or in the past were, part of the domain’s infrastructure.
Continuing Level 1 Network Footprint
In this article, we will look at the next step to map the Level 1 footprint of the network – determining the IP addresses of the hostnames as well as the netblock that these IP addresses belong to.
In each step of this procedure, we run a Transform on the output Entities that were generated by the prior Transform.
- Switching from DNS Names
We start with the DNS names from the prior post and run the Transform ‘To IP Address [DNS]’ to find IP addresses. This Transform resolves each input DNS name Entity to its IP addresses.
- Derive The Netblocks from IP Addresses
Then, we calculate the netblocks the IP addresses belong to by running the Transform ‘To Netblock [Using natural boundaries]’. By default, this Transform divides the IP address space into blocks of 256 IP addresses and returns the block that the IP address falls into. The size of the block is adjustable through the Transform input (the little spanner icon next to the Transform’s name in the Transform menu).
How can Netblock information be obtained?
Netblock data can also be obtained from the routing updates made through the Border Gateway Protocol (BGP) on the Internet backbone. The Transform ‘To Netblock [Using routing info]’ uses this information to assign a netblock to a given IP address.
When using natural boundaries, we make some assumptions about the size and the validity of netblocks. When using routing info, the size and validity of the netblock associated with an IP address depend on the BGP routing view employed by the Transform. This means that we can obtain a smaller (better-defined) or a larger (less accurate) netblock by using this Transform. Moreover, the netblock size might not reflect all recent changes, since there are delays in creating the routing views from BGP routing updates.
- Return the AS Number Owning the Netblocks
We now pivot on the returned netblocks to determine the Autonomous System (AS) that controls the blocks. This is done using the Transform ‘To AS Number’. This Transform reveals the owner of a particular netblock by using Regional Internet Registry (RIR) databases.
- Figuring Out the Owner of the AS Numbers
Finally, we find the owners of the returned AS numbers through the Transform ‘To Company [Owner]’. This Transform retrieves the owner information of an AS by analyzing RIR databases.
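The netblock, AS and owner steps above can be reproduced offline, for example to check an asset inventory against what a Level 1 footprint would show. The Python below is an added example, not part of the original post and not Maltego's own code. The function names and the `ROUTES` and `AS_OWNERS` tables are assumptions constructed for illustration, using benchmark address space and documentation AS numbers.

```python
import ipaddress

# Constructed routing view (prefix -> origin AS) and AS owner table.
# Benchmark address space and documentation ASNs; none of this is real data.
ROUTES = {
    "198.18.0.0/15": 64500,
    "198.18.64.0/20": 64501,
    "198.18.200.128/26": 64502,
}
AS_OWNERS = {64500: "Example Transit", 64501: "Example Hosting",
             64502: "Example Corp"}

def natural_netblock(ip, block_size=256):
    """Return the aligned block of block_size addresses that contains ip."""
    if block_size < 1 or block_size & (block_size - 1):
        raise ValueError("block_size must be a power of two")
    addr = ipaddress.ip_address(ip)
    prefix = addr.max_prefixlen - (block_size.bit_length() - 1)
    # strict=False masks the host bits, snapping ip down to the block start.
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)

def routed_netblock(ip, routes=ROUTES):
    """Longest-prefix match: (network, asn), or None if no route covers ip."""
    addr = ipaddress.ip_address(ip)
    matches = [(ipaddress.ip_network(p), asn) for p, asn in routes.items()
               if addr in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen, default=None)

def footprint(ip):
    """Chain IP -> netblock (both methods) -> AS number -> AS owner."""
    routed = routed_netblock(ip)
    net, asn = routed if routed else (None, None)
    return {"ip": ip,
            "natural": str(natural_netblock(ip)),
            "routed": str(net) if net else None,
            "asn": asn,
            "owner": AS_OWNERS.get(asn)}

if __name__ == "__main__":
    # Routed block larger than, smaller than, and absent for the natural /24.
    for ip in ("198.18.70.9", "198.18.200.130", "203.0.113.7"):
        print(footprint(ip))
```

The three sample addresses show the routing view returning a larger block than the natural boundary, a smaller one, and no covering route at all.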
Uncovering Internet Infrastructure By Conducting Level 1 Network Footprint
In this post we’ve discussed how you can derive IP addresses, netblocks, AS numbers, and the AS owners. This, in conjunction with the process of obtaining DNS hostnames from a domain name, constitutes a Level 1 network footprint. It provides us with the Internet infrastructure used by services that are provided under the domain name. Since companies typically provide their services under their own company domain, this footprint represents the technology used by the company to provide the products or services it offers.
If you are here then congratulations! Foot-printing with L1 is commonplace in IT security, and performing the Transforms discussed in Part 1 and this blog post on new domains can be tedious and repetitive.
Automate the Level 1 Network Footprint using Machines
Machines are similar to macros that perform a set of Transforms. Find out more about Machines and how to make them in this blog article.
It is possible to have all of the Transforms above run in the same sequence through the Footprint L1 Machine. To run a Machine, select Machines > Footprint L1 with the Domain Entity you want to start from selected, and wait for the magic to complete.