We derived DNS names from a given domain. This returned hostnames that are in the past, or were included in the infrastructure of the domain.
Maintaining Level 1 Network Footprint
In this article we look at the next step of mapping the Level 1 footprint of networks – finding the IP addresses of hostnames, and also the netblock the IP addresses belong to.
Each step of the sequence we execute each step of this sequence, we run a Transform on the Output Entities of the previous Transform.
Moving from DNS Names
The first step is to start with the DNS Names from the previous post , and then run the Transform ‘To IP Address [DNS]’ to discover IP addresses. This transform converts the input Entity through DNS to IP addresses.
Deriving the Netblocks using IP Addresses
Then, we determine the netblocks the IP addresses belong to by using the Transform to Netblock [Using natural boundaries]’. The Transform defaults to divide all IP addresses into 256 blocks of IP addresses and returns the block where the IP address is inserted into. The size of the block can be set via the Transform input (little spanner icon right next to the Transform’s name in the Transform menu).
How can Netblock Information Obtained
Netblock information can be obtained from the routing updates released through the Border Gateway Protocol (BGP) on the Internet backbone. The Transform To Netblock [Using routing info]’ utilizes this information to assign a block to an IP address. Monitoring to protests myanmar netblocksfingasengadget.
As with nature’s boundaries it is necessary to make a few assumptions regarding the size and legitimacy of netblocks. The size and legitimacy of the netblock for an IP address are determined by what BGP routing view that is used in the Transform. So, we could receive less (or greater precision) or larger (less specific) netblock using this Transform. Additionally, the size of the block could not reflect all of the recent changes made to it as there is some delay in the generation of views of routing from BGP the routing update.
Return the AS Number Owning the Netblocks
Then we turn our attention to the netblocks we have returned to get what we call the Autonomous System (AS) that control the blocks. We do this using the Transform “To AS Number’. This Transform will reveal the owner of a given netblock by using the Regional Internet Registry (RIR) databases.
Finding the owner of the AS Numbers
Finally, we derive that the person who is the owner for the AS numbers through the Transform ‘To Company [OwnerTo Company [Owner]’. This Transform is able to extract the owner details of a particular AS from databases like the RIR databases.
Uncovering Internet Infrastructure By Conducting Level 1 Network Footprint
In this post, we have seen how to derive IP addresses netblocks, IP addresses, AS numbers, and AS owners. This, along with obtaining DNS hostnames from domain names, is a Level 1 network footprint. It reveals the Internet infrastructure that services use that are offered under the domain name. Since most companies provide their services under their own company domain name, this footprint depicts the network that the company utilizes for the service or product they offer.
If you have made it this far then congratulations! L1 footprinting is commonplace in IT security and running the Transforms introduced in Part 1 and this blog post on new domains can be tedious and repetitive. This is why includes the L1 footprinting machine.
Automate Level 1 Network Footprint with Machines
Machines are similar to macros that perform a set of Transforms. Find out the basics of Machines and how to create them in this blog article.
You can have all the Transforms above performed in the exact order by running the footprint L1 machine. If you want to operate a device, select Machines>>Footprint L1 with the Domain you want to start from Entity chosen, and just wait for the magic to be completed.