What is Footprinting, Fingerprinting, Enumeration & SNMP Enumeration?

Posted: December 30, 2010 in Information

Defining Footprinting

  • Footprinting is the blueprinting of the security profile of an organization, undertaken in a methodological manner.
  • Footprinting is one of the three pre-attack phases. The others are scanning and enumeration.
  • Footprinting results in a unique organization profile with respect to networks (Internet / Intranet / Extranet / Wireless) and systems involved.

Footprinting – Attack Methods

The attacker may choose to source the information from:

  • A web page (saved offline, e.g. using an offline browser such as Teleport Pro).
  • Yahoo or other directories (Tifny is a comprehensive search tool for USENET newsgroups).
  • Multiple search engines (All-in-One, Dogpile); groups.google.com is a great resource for searching large numbers of newsgroup archives without having to use a tool.
  • Advanced search (e.g. AltaVista).
  • Searches on publicly traded companies (e.g. EDGAR).
  • Dumpster diving (to retrieve documents that have been carelessly disposed of).
  • Physical access (false ID, temporary/contract employees, unauthorized access, etc.).

Active Stack Fingerprinting: This technique is called OS fingerprinting

  • Fingerprinting is done to determine the remote OS.
  • It allows the attacker to leave a smaller footprint and have a greater chance of success.
  • It is based on the fact that various OS vendors implement the TCP stack differently.
  • Specially crafted packets are sent to the remote OS and the response is noted. This is compared with a database to determine the OS.

Passive Fingerprinting

  • Passive fingerprinting is also based on the differing implementations of the stack and the various ways an OS responds to it.
  • However, instead of relying on scanning the target host, passive fingerprinting captures packets from the target host and studies them for telltale signs that can reveal the OS.
  • Passive fingerprinting is less accurate than active fingerprinting.

What is Enumeration?

  • If acquisition and non-intrusive probing have not turned up any results, then an attacker will next turn to identifying valid user accounts or poorly protected resource shares.
  • Enumeration involves active connections to systems and directed queries.
  • The types of information enumerated by intruders:
      • Network resources and shares
      • Users and groups
      • Applications and banners

SNMP Enumeration

  • SNMP is simple. Managers send requests to agents, and the agents send back replies.
  • The requests and replies refer to variables accessible to agent software.
  • Managers can also send requests to set values for certain variables.

SNMP Enumeration Countermeasures

Do not install the Management and Monitoring Windows component if it is not going to be used. If it is required, ensure that only legally authorized persons have access to it; otherwise it might turn into an obvious backdoor. Edit the Registry to permit only approved access to the SNMP community name.

Comments
  1. dna says:

    Can you provide more information on this? take care
