Information gathering and analysis is the first step in preparing any high-tech crime. With books like Hacking Exposed becoming popular, the importance of fingerprinting and footprinting cannot be ignored. So, for a network administrator, a budding security professional or just a curious tech-savvy user, getting hold of a scanner tool is indispensable, as it shows you exactly how information gathering works.
There are literally hundreds of network scanners available on the net, both free and paid. One of the free ones, Sam Spade (www.samspade.org), makes life easier by bundling 22 detection, discovery and scanning tools in a single package. Let's take a quick look at the available options and what each one is good for.
Start Sam Spade. Before going ahead, specify your DNS server in Edit > Options > Basic tab > TCP/IP settings frame, and then, in the Advanced tab, tick all the 'Enable...' options.
Once this is done, type in the name of a computer (IP address or host name) and voila! A whole world of information is at your fingertips. Here's what you can do using the toolbar and the Tools menu. First, the toolbar.
Ping and DNS Related Tools: Ping sends a series of packets to the target machine and waits for a reply, timing the round trip of each packet. It can be combined with the option of resolving the IP address to a host name, or vice versa.
Using DNS, the NS Lookup tool likewise converts between IP addresses and host names by making forward and reverse queries. A related tool, Dig, does essentially the same as NS Lookup but can query every DNS record type, including NS (authoritative name server), HINFO (host information), MINFO (mailbox or mailing list information), MX (mail exchanger), AAAA (IPv6 address) and LOC (location), also known as the ICBM record.
Traceroute and Time: Then there's the old favourite Traceroute, which attempts to display the route a packet takes from your PC to the target. With growing security awareness, ICMP is blocked at many hops, which results in little or no information on certain hosts and intermediate machines.
Next is the Time query tool, which gives you the time on the target machine. This is useful when reading email headers and verifying geographical locations, etc. Machines that use time synchronisation (for instance some servers) usually run this service.
Whois: The standard Whois tool is included; it queries the international registry directories to glean information on a particular host or domain. Using it together with the IP Block tool, which looks up the registered owner of the address block an IP belongs to, can reveal lots of interesting information.
Mail Query Tools: The first of these checks whether the target machine appears in one of three lists maintained by MAPS (the Mail Abuse Prevention System), which hold addresses associated with spam. These are the RBL (Realtime Blackhole List), a manually maintained list of major spammers and spam service providers; the DUL (Dial-up User List), a list of dynamically assigned dial-up addresses, since legitimate mail servers do not sit on dynamic IPs, mail arriving directly from a DUL address is potentially spam; and the RSS (Relay Spam Stopper), which contains addresses of known open relays. Then there's the Abuse Lookup tool, which uses Abuse.net's list of anti-spam email contacts for many domains. Along with these, the SMTP Verify and Finger tools try to query an email server about its users; note that most mail servers now disable VRFY and EXPN, so expect a 252 or 502 response rather than a user list.
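All three MAPS lists are queried the same way, and it helps to see the mechanism rather than just the button. The following is an added example in Python, not code from the article or from Sam Spade: the target's IPv4 octets are reversed and prepended to the list's zone name, a DNS A lookup is made, and an answer in 127.0.0.0/8 means "listed" (NXDOMAIN means "not listed"). The zone names under .invalid and the answer table are constructed for the example; real lookups go through the resolver, which the `resolver` argument bypasses so the block runs offline.

```python
import ipaddress
import socket
from typing import Dict, Optional

# Constructed zone names standing in for the RBL, DUL and RSS zones (assumption).
DNSBL_ZONES = ["rbl.example.invalid", "dul.example.invalid", "rss.example.invalid"]

# Constructed answer table: query name -> A record. A listed address answers
# with a 127.0.0.x code; an unlisted one gets NXDOMAIN (absent here).
FAKE_ZONE_DATA: Dict[str, str] = {
    "4.3.2.1.rss.example.invalid": "127.0.0.2",   # 1.2.3.4 is a known open relay
    "9.8.7.6.dul.example.invalid": "127.0.0.3",   # 6.7.8.9 is a dial-up address
}


def dnsbl_name(ip: str, zone: str) -> str:
    """Build the DNSBL query name: IPv4 octets reversed, then the list zone."""
    addr = ipaddress.IPv4Address(ip)            # rejects garbage and IPv6 input
    reversed_octets = ".".join(reversed(str(addr).split(".")))
    return f"{reversed_octets}.{zone}"


def lookup(name: str, resolver: Optional[Dict[str, str]] = None) -> Optional[str]:
    """Resolve name to an A record; None means NXDOMAIN / not listed."""
    if resolver is not None:                    # offline table for the example
        return resolver.get(name)
    try:
        return socket.gethostbyname(name)        # real DNS lookup
    except socket.gaierror:
        return None


def check_dnsbl(ip: str, zones=DNSBL_ZONES, resolver=None) -> Dict[str, str]:
    """Return {zone: answer} for every list the address appears on."""
    listed = {}
    for zone in zones:
        answer = lookup(dnsbl_name(ip, zone), resolver)
        if answer is None:
            continue
        if not answer.startswith("127."):
            # A public-IP answer means a dead or wildcarded zone, not a listing.
            continue
        listed[zone] = answer
    return listed


if __name__ == "__main__":
    for ip in ("1.2.3.4", "6.7.8.9", "10.0.0.1"):
        print(ip, check_dnsbl(ip, resolver=FAKE_ZONE_DATA))
```

The non-127 check matters in practice: when a blocklist shuts down, its zone sometimes starts answering every query with a public address, and a checker without that guard would suddenly flag the whole Internet.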
Moving on to the Tools menu, here’s what you have:
Scan Tool: The Scan tool is multi-threaded and lets you scan a single IP address or a range of addresses. Using the Advanced button you can select a non-default list of ports.
Web Tools: Crawl Website attempts to download a website to local disk and has the option of searching the pages for a particular kind of information. It is not as powerful as dedicated crawlers, though. A similar tool is Browse Web, which displays the raw HTTP headers and HTML body instead of rendering the page.
Newsgroup Tool: Check Cancel probes whether cancel posts are honoured on a news server. This works only if the server allows the XPAT command.
Email Tools: The SMTP Relay Check tool actually tries to see whether a message to an outside address can be sent through a particular mail server, that is, whether it is an open relay. You need to specify an email address in Edit > Options > Configuration. Note that this activity will most probably be logged on the server, so set your email address accordingly. And there's a Parse Email Header tool that picks apart an email header and shows, hop by hop, where the message came from.
DNS and Traceroute: Zone Transfer asks a name server for its entire zone. This puts a heavy load on the server and is commonly logged or refused, so use it ethically and only against servers you are authorised to test. Fast and slow traceroute are simple variants of the usual traceroute; the fast one is less reliable than the slow one.
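What a header parser actually does is walk the Received: lines from the bottom up, since each relay adds its line on top. The following is an added example in Python, not the article's or Sam Spade's code. It extracts each hop's sending host, bracketed IP, receiving host and timestamp (normalised to UTC so the delay between hops can be compared, which is where the Time query mentioned earlier comes in handy). The sample message is constructed; every host, address and time in it is invented.

```python
import re
from datetime import timezone
from email import message_from_string
from email.utils import parsedate_to_datetime
from typing import List, Optional

# Constructed sample message for this example (all hosts, IPs and times invented).
# The topmost Received: line was added last, by the final server; the bottom one
# is the origin.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby mail.example.org with ESMTP id abc123
\tfor <bob@example.org>; Tue, 05 Mar 2002 10:15:07 +0000
Received: from relay.example.com (unknown [203.0.113.44])
\tby mx.example.net with SMTP; Tue, 05 Mar 2002 10:14:50 +0000
Received: from HOME-PC (dialup-12.isp.example [192.0.2.99])
\tby relay.example.com with SMTP; Tue, 05 Mar 2002 15:44:01 +0530
From: "Alice" <alice@example.com>
To: bob@example.org
Subject: hello
Date: Tue, 05 Mar 2002 15:43:00 +0530

body
"""

HOP_RE = re.compile(r"from\s+(\S+)(?:\s+\(([^)]*)\))?\s+by\s+(\S+)", re.I)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def parse_received(value: str) -> dict:
    """Pull from-host, bracketed IP, by-host and UTC timestamp out of one Received: value."""
    value = " ".join(value.split())                  # unfold the header
    m = HOP_RE.search(value)
    comment = (m.group(2) or "") if m else ""        # "(helo-name [ip])" part
    ip = IP_RE.search(comment)
    stamp = value.rsplit(";", 1)[-1].strip() if ";" in value else None
    return {
        "from": m.group(1) if m else None,
        "ip": ip.group(1) if ip else None,
        "by": m.group(3) if m else None,
        "time": parsedate_to_datetime(stamp).astimezone(timezone.utc) if stamp else None,
    }


def received_hops(raw: str) -> List[dict]:
    """Return the hops origin-first (reverse of header order)."""
    msg = message_from_string(raw)
    return [parse_received(h) for h in reversed(msg.get_all("Received") or [])]


def originating_ip(raw: str) -> Optional[str]:
    """IP recorded by the first relay, i.e. the machine that injected the message."""
    hops = received_hops(raw)
    return hops[0]["ip"] if hops else None


def hop_delays(hops: List[dict]) -> List[Optional[int]]:
    """Seconds between consecutive hops; None where a timestamp is missing."""
    delays: List[Optional[int]] = [None]
    for prev, cur in zip(hops, hops[1:]):
        if prev["time"] and cur["time"]:
            delays.append(int((cur["time"] - prev["time"]).total_seconds()))
        else:
            delays.append(None)
    return delays


if __name__ == "__main__":
    hops = received_hops(SAMPLE)
    for hop, delay in zip(hops, hop_delays(hops)):
        print(f'{hop["ip"]:>15}  {hop["from"]} -> {hop["by"]}  +{delay}s')
    print("originating IP:", originating_ip(SAMPLE))
```

Only the Received: line written by a server you trust (normally the topmost one, from your own mail server) is reliable; everything below it travelled with the message and could have been forged by the sender, so a sudden jump or negative delay between hops is a hint that the lower lines were fabricated.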
S-Lang: There is also a built-in programming language, S-Lang (www.s-lang.org), an interpreted C-like language. You can create and run scripts from the S-Lang console window, passing addresses to them as parameters.