Network-Based Passive Information Gathering

Network-Based Passive Information Gathering

Romuald Thion (University of Lyon, France)
Copyright: © 2007 |Pages: 9
DOI: 10.4018/978-1-59140-991-5.ch016
OnDemand PDF Download:
No Current Special Offers


The information gathering process in cyber-warfare is as important as in real warfare. Once blackhats or cyber-terrorists aimed at an organization, they need to known as much as possible about its structure, its network organization, the people working in it, their addresses, hardware and software in use: the very first step of a cyber battleplan is to know as much as possible about the battleground and the enemy. Though social engineering is a widely spread effective technique used for this purpose, other network-based techniques can be used in order to gather as much information as possible: from DNS query to infer network topology, NSLookUp to retrieve names and e mails to intrusive techniques such as scanning tools. All this information correlated can produce very accurate results. Nowadays, the forthcoming Google Hacking is a new extremely powerful method to retrieve sensitive information anonymously. We present basic types of non-intrusive information retrieving tools, dedicated either to web server, software or hardware digging. We also describe interesting use of the Google Search engine involving advanced queries/techniques. A set of best individual and general practices are described in order to reduce the information disclosure risks.

Complete Chapter List

Search this Book: