当前位置:网站首页>[principles and technologies of network attack and Defense] Chapter 3: network reconnaissance technology
[principles and technologies of network attack and Defense] Chapter 3: network reconnaissance technology
2022-07-07 18:01:00 【Godams】
3.1 summary
⽹ Network reconnaissance needs reconnaissance ⽬ Basic information of the subject
- Static information
All kinds of contact information , Including name, 、 mailbox 、 Phone number, etc
DNS、Web The server
Where the host is located ⽹ Collaterals ,IP Address
⽹ Network topology - Dynamic information
⽬ Mark whether the host is powered on
⽬ Check whether the host has installed the software you are interested in
⽬ Mark the type of operating system installed on the host
⽬ Mark whether there is a security vulnerability on the host ⽤ To attack - other ⼀ Be sure to ⽹ Collateral attack produces ⽣ do ⽤ Information about .
⽹ Network information collection ⽅ Law
- ⽹ Luo stampede : The attacker's response to ⽬ Mark in ⾏ information gathering , understand ⽬ The underlying ⽹ Network environment and information security . Prepare for attack . Specific contents ⻅ ⽹ Network detection often ⽤ Of ⼿ Paragraph and ⽅ Law .
- ⽹ Network scanning : Race seconds ⽬ mark ⽹ Collateral , Find as many connections as possible ⽬ mark . Before going into ⼀ Step probe to get the type 、 Existing security weaknesses and other information .
- ⽹ Check : For known weaknesses , For the identified services ⾏ More targeted exploration , Find what can really be attacked ⼊⼝, And the key data that may be needed during the attack . be relative to ⽹ Network scanning , More detailed , The scope is more ⼩.
3.2 Network reconnaissance methods
- Search engine information collection
- Whois Inquire about
- DNS Information Service
- ⽹ Network topology discovery
- benefit ⽤ social contact ⽹ Get information online
- other ⽅ Law
- social ⼯ Cheng Xue
- garbage
- Look up web Site
3.2.1 Search engine information collection
Baidu often uses advanced grammar
- site:[ Domain ] – site:zhihu.com
Returns search results related to a specific domain . - link:[Web⻚⾯] – link:www.csdn.net
Give and specify web⻚⾯ Linked sites . May leak ⽬ Business relationship of target site - Intitle:[ Conditions ]
⽤ The search title contains a specific search ⽂ Ben's ⻚⾯ - intext:[ Conditions ]
⽤ In search of ⽂ Contains specific searches ⽂ Ben's ⻚⾯ - related:[ Site ]
Display with specific retrieval ⻚⾯ Related ( similar ) Of web⻚⾯ - filetype:[ suffix ]
⽤ For finding specific types of ⽂ Pieces of - cache:[⻚⾯] – cache:www.csdn.net lookup csdn.net Was recently Baidu bot grabbing ⻚⾯ Show me ⾃ On Baidu Snapshot ⻚⾯ Content . For finding recently removed or currently unavailable ⽤ Of ⻚⾯ when ⾮ There is often ⽤.
- Not
Filter Web⻚⾯ Specific conditions contained in - Plus
tell Baidu This keyword should not be filtered out
Shodan and ZoomEye The basic characteristics of
Be able to connect ⽹ Search the host 、 The server 、 camera 、 Devices like printers and routers
Search for :⽹ Network devices 、⽹ Contact services 、⽹ Collateral system 、banner Information
Search format :A B C fiter:value filter:value filter:value
Zoomeye And Shodan The difference between :
Shodan Mainly for device fingerprints , That is, for some specific ends ⼝ Returned after communication banner Information into ⾏ Collection and indexing
Zoomeye In addition to detecting device fingerprints , Detection is also enhanced for some services .⽐ Such as Web Detailed analysis of services .
ping、nslookup、tracert(tracerout)
Traceroute :⽹ Network fault diagnosis and acquisition ⽹ Network topology ⼯ have .
nslookup: Inquire about DNS The record of , Check whether domain name resolution is normal , stay ⽹ When the network fails ⽤ To diagnose ⽹ The problem of network . Query the domain name IP Address
ping: testing ⽹ Network connectivity .
3.4 Network reconnaissance and defense
- Defense search engine reconnaissance
- Yes ⼰⽅ Of web Site content construction ⽴ Strict information disclosure strategy . Determine which sensitive data and information should not be in Web Appear on the site . But also for the staff ⼯ Into the ⾏ train , Ask them not to be on newsgroups or BBS Publish sensitive information on .
- Ask search engines to remove what they do not expect to be made public web⻚⾯ Indexes ,
- defense Whois Inquire about
- Guarantee Whois There is no record in that can be used by an attacker additionally ⽤ Information about . Such as the administrator's account name .
- But also for the staff ⼯ Into the ⾏ train , prevent ⽌ They fall into society ⼯ The trap of Engineering .
- defense DNS scout
- Concept supplement : Zone transfer :DNS The server replicates the database ⽂ Piece in ⾏ Sync . For those with this function DNS The server , Attackers can use this DNS Server as a springboard , obtain ⽬ Target host information .
- Avoid passage DNS Divulge additional information . for example : The domain name should not disclose the operating system of the computer ,⽤ Transit information .
- send ⽤DNS Separation technology , stay ⼏ platform DNS Distributed storage on the server DNS Information , Make internal and external ⽤ Household emissary ⽤ Different DNS service .
- Limit DNS Zone transfer . send ⽤ prevent ⽕ Wall configuration filter rules , So that only a few known AIDS are allowed DNS The server enters ⾏ Zone transfer .
- Defense society ⼯ Engineering attacks and garbage retrieval
- Trainer ⼯ Safety awareness . For computer configuration 、⼝ Make phone inquiries of sensitive information such as , Without confirming his identity , Do not disclose the relevant information technology department ⻔ Encountered modification permission 、 Reset password and other requests , Need to be right ⻬ Into the ⾏⼆ Secondary identity authentication . Special emphasis on caller ID technology , You can't just rely on caller ID to confirm ⽅ identity .
- send ⽤ Paper shredder, CD shredder and other equipment . For waste equipment and paper with sensitive information , All need to be crushed or incinerated .
边栏推荐
- ViewSwitcher的功能和用法
- What skills can you master to be a "master tester" when doing software testing?
- Win11C盘满了怎么清理?Win11清理C盘的方法
- Tips of this week 141: pay attention to implicit conversion to bool
- [trusted computing] Lesson 10: TPM password resource management (II)
- Use onedns to perfectly solve the optimization problem of office network
- 保证接口数据安全的10种方案
- YARN Capacity Scheduler容量调度器(超详细解读)
- [tpm2.0 principle and Application guide] Chapter 1-3
- List selection JS effect with animation
猜你喜欢
DatePickerDialog和trimepickerDialog
Robot engineering lifelong learning and work plan-2022-
Run Yolo v5-5.0 and report an error. If the sppf error cannot be found, solve it
Chapter 3 business function development (user access project)
[OKR target management] value analysis
Native JS verification code
textSwitch文本切换器的功能和用法
yolo训练过程中批量导入requirments.txt中所需要的包
Functions and usage of viewflipper
Cartoon | who is the first ide in the universe?
随机推荐
Toast will display a simple prompt message on the program interface
Actionbar navigation bar learning
漫画 | 宇宙第一 IDE 到底是谁?
青年时代历练和职业发展
Create dialog style windows with popupwindow
Pro2:修改div块的颜色
Tips for this week 134: make_ Unique and private constructors
SD_DATA_RECEIVE_SHIFT_REGISTER
ViewSwitcher的功能和用法
运行yolo v5-5.0版本报错找不到SPPF错误,进行解决
2021年全国平均工资出炉,你达标了吗?
Cartoon | who is the first ide in the universe?
Functions and usage of ratingbar
ICer知识点杂烩(后附大量题目,持续更新中)
Pytorch中自制数据集进行Dataset重写
Test for 3 months, successful entry "byte", my interview experience summary
Vscode three configuration files about C language
Based on pytorch, we use CNN to classify our own data sets
Taffydb open source JS database
textSwitch文本切换器的功能和用法