AntiOnline Spotlight: Footprinting with Host
Learn how the venerable host command can reveal more about your network than you think, not to mention what hackers probably already know.
Generally speaking, a savvy attacker likes to know the lay of the land well before mounting an assault on a network. The tools used to draw up this roadmap vary in effectiveness and sophistication, yet something as simple as the 'host' command can provide a surprisingly accurate picture of your network.
It turns out that by invoking this command (and its many modifiers), administrators have yet another tool to add to their security toolkit: one for security audits, approved security tests and identifying the places on the network that are most likely to be targeted for an attack.
Host is a powerful tool in the security wars, employed by attackers and defenders alike. Use it wisely!
Note: The opinions expressed below are solely those of the individual posters on the AntiOnline forums.
Direct link to this week's spotlight thread:
Footprinting with Host
SonofGalen thoughtfully put together this tutorial on what the host command reveals about a network. First, a few words to get us started:
The host command is perhaps one of the most valuable if you are trying to do some enumeration of your system, or anyone else's. The host command will help you find machines, as well as the properties of many of the same machines, so that you can get a better idea of what is out there early on.
Now some highlights...
Typing in the host command, we find the following output, which tells us about the various modifiers:
    maccurdy@DBurnet:~> host
    Usage: host [-aCdlrTwv] [-c class] [-n] [-N ndots] [-t type] [-W time]
                [-R number] hostname [server]
           -a is equivalent to -v -t *
           -b Use the bitstring form of IPv6 reverse lookup (deprecated)
           -c specifies query class for non-IN data
           -C compares SOA records on authoritative nameservers
           -d is equivalent to -v
           -l lists all hosts in a domain, using AXFR
           -n Use the nibble form of IPv6 reverse lookup (default)
           -N changes the number of dots allowed before root lookup is done
           -r disables recursive processing
           -R specifies number of retries for UDP packets
           -t specifies the query type
           -T enables TCP/IP mode
           -v enables verbose output
           -w specifies to wait forever for a reply
           -W specifies how long to wait for a reply
Using it in conjunction with a few other trusty commands, you can garner a lot about nearly any computer system or network.
Want to know how our tutorial author combined these modifiers to reveal a network's arrangement? Click here.
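For the audit use mentioned at the top of this article, here is an added example (not part of the forum thread or of the tutorial author's commands) that uses the -t, -l and -W modifiers from the usage listing to check whether the nameservers of a zone you administer hand out the full host list. The function names are hypothetical, the sample outputs are constructed, and the parsing assumes the usual BIND 9 wording of host's output.

```shell
#!/bin/sh
# Added example: check whether the nameservers of a zone YOU administer
# answer `host -l` (AXFR) with the full host list.

# classify_axfr: read `host -l` output on stdin, print OPEN, DENIED or UNKNOWN.
# Assumption: output lines follow the usual BIND 9 `host` wording.
classify_axfr() {
    awk '
        / has address | has IPv6 address | is an alias for | mail is handled by / { records++ }
        /Transfer failed|not found:/ { denied = 1 }
        END {
            if (records > 0)  print "OPEN"      # zone contents were disclosed
            else if (denied)  print "DENIED"    # server refused the transfer
            else              print "UNKNOWN"   # timeout, empty or unparsed output
        }'
}

# audit_zone DOMAIN: query every authoritative nameserver of the zone.
audit_zone() {
    host -t ns "$1" | awk '/ name server / { print $NF }' |
    while read -r ns; do
        printf '%s\t%s\n' "$ns" "$(host -W 5 -l "$1" "$ns" 2>&1 | classify_axfr)"
    done
}

# Constructed sample outputs (documentation names and addresses, not real data).
sample_denied() { cat <<'EOF'
Using domain server:
Name: ns1.example.com
Address: 192.0.2.53#53
Aliases:

Host example.com not found: 5(REFUSED)
; Transfer failed.
EOF
}
sample_open() { cat <<'EOF'
example.com name server ns1.example.com.
www.example.com has address 192.0.2.10
vpn.example.com has address 192.0.2.20
intranet.example.com is an alias for www.example.com.
EOF
}

# With a domain argument, audit it; otherwise show the verdicts for the samples.
if [ $# -gt 0 ]; then
    audit_zone "$1"
else
    printf 'denied sample: %s\n' "$(sample_denied | classify_axfr)"
    printf 'open sample:   %s\n' "$(sample_open | classify_axfr)"
fi
```

A nameserver reported as OPEN should have zone transfers restricted to its legitimate secondaries.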
What is AntiOnline?
AntiOnline (AO) is home to many of the most popular network security discussion forums online. Here, participants engage in candid, thought-provoking and enlightening exchanges on the latest hazards and how to protect your systems against them.
We invite you to join the AO community (it's free!), share your wisdom and learn a few things in the process.