Reconnaissance Phase

In warfare, “reconnaissance” is the process of collecting information about enemy forces using different detection methods. In ethical hacking, reconnaissance is the first phase, aimed at gathering and learning as much information about the target as is available, using sources such as the public Internet, social engineering techniques, dumpster diving, email harvesting, and the Whois database. This chapter introduces in detail the tools and techniques used during the active and passive reconnaissance phases. Reconnaissance consists of the footprinting, scanning, and enumeration techniques used to covertly discover and collect information about a target system. During reconnaissance, an ethical hacker attempts to gather as much information about the target system as possible. This can be done with active methods (directly interacting with the target, for example through social engineering, which carries the risk of being detected) or passive methods (for example viewing the target's public website or consulting third-party sources such as Whois) in order to identify the target and discover its IP address range, network, domain name, mail server, DNS records, employee names, organization charts, and company details. The chapter also covers countermeasures that can be implemented on a website to avoid revealing more information to attackers than necessary.

Author(s):  
Torsten Bettinger

Although the Internet has no cross-organizational, financial, or operational management responsible for the entire Internet, certain administrative tasks are coordinated centrally. Among the most important organizational tasks that require global regulation is the management of Internet Protocol (IP) addresses and their corresponding domain names. An IP address is a 32-bit (IPv4) or 128-bit (IPv6) number; it is the actual network-layer address by which routing on the Internet takes place and which ensures that data packets reach the correct host computer.


Author(s):  
Indranil Bose

Phishing is a new form of online crime in which an unsuspecting user is tricked into revealing his or her personal information. It is usually conducted using social engineering or technical deceit-based methods. The various ways in which phishing can take place are described in this chapter. This is followed by a description of key strategies that can be adopted for the protection of end users and organizations. The end-user protection strategies include desktop protection agents, password management tools, secure e-mail, simple and trusted browser settings, and digital signatures. Among the corporate protection strategies are measures such as e-mail personalization, mail server authentication, monitoring transaction logs, detecting unusual downloading activities, token-based and multifactor authentication, domain monitoring, and Web poisoning. Some of the commercially available and popular anti-phishing products are also described in this chapter.


2020 ◽  
Vol 2020 ◽  
pp. 1-14
Author(s):  
Mariano Di Martino ◽  
Peter Quax ◽  
Wim Lamotte

Zero-rating is a technique by which internet service providers (ISPs) allow consumers to use a specific website without charging it against their internet data plan. Implementing zero-rating requires an accurate website identification method that is also efficient and reliable enough to be applied to live network traffic. In this paper, we examine existing website identification methods with the objective of applying them to zero-rating. Furthermore, we demonstrate the ineffectiveness of these methods against modern encryption protocols such as Encrypted SNI and DNS over HTTPS, and therefore show that ISPs will not be able to maintain the current zero-rating approaches in the forthcoming future. To address this concern, we present “Open-Knock,” a novel approach that is capable of accurately identifying a zero-rated website, thwarts free-riding attacks, and is sustainable on the increasingly encrypted web. In addition, our approach requires neither plaintext protocols nor preprocessed fingerprints upfront. Finally, our experimental analysis shows that we are able to convert each IP address to the correct domain name for each website in the Tranco top 6000 websites list with an accuracy of 50.5%, and therefore outperform the current state-of-the-art approaches.


2018 ◽  
Vol 14 (2) ◽  
Author(s):  
Basorudin Basorudin

Server virtualization technology is the shared use of one physical machine by several server operating systems. The mail server designed and implemented here is built on Debian.5 as the base server operating system. It is built from a DNS server, a web server and a mail server with SquirrelMail as webmail, configured with the help of the VirtualBox application acting as the server. DNS (Domain Name System) is a system that stores information about host names and domain names in the form of a distributed database within a computer network, for example the Internet. The application used to handle the delivery of mail messages is the mail server. The mail server continually receives messages from the e-mail clients used by users, or possibly from other e-mail servers. Webmail serves to send and view e-mail messages through a web browser. SquirrelMail is configured by running the conf.pl script: $/var/www/wemail/config/conf.pl. Exchange Server services include: Directory Service, Simple Mail Transfer Protocol (SMTP), Post Office Protocol (POP3), IMAP (Internet Message Access Protocol), Complementary Services, System Attendant. The mail delivery process can be seen in section 5.2. Keywords: Squirrelmail, Exchange Server, DNS Server, Web Server, Mail Server.


Author(s):  
Jarmila Pokorná ◽  
Eva Večerková

Internet domains have become an integral part of our lives, so it is easy to understand that conflicts can arise during their use, and that the participants in those conflicts will look for rules enabling their resolution. Since, in the technical sense of the word, a domain name is a replacement for a computer's IP address, a domain name is not in itself a commercial name or brand: it does not primarily belong to a person in the legal sense of the word and does not serve to individualize that person. Nevertheless, the average user regularly associates a domain name with the person offering goods or services on the relevant website. Domain names used by entrepreneurs in their business activity are often chosen so that the second-level domain (SLD) uses words that form the trade name of the corporation. This brings domain names close to the designations that serve to individualize persons or products, especially trademarks and commercial names. Domains can therefore come into conflict with rights to such designations, especially trademarks and commercial names. Court practice resolves these conflicts using the rules on unfair competition or the rules for the protection of commercial names and trademarks, but it is not ruled out that special legal regulation of domain names could be established in the future.


E-Justice ◽  
2010 ◽  
pp. 87-96
Author(s):  
Melissa H. Conley Tyler

Every community, whether physical or virtual, will inevitably experience conflict. New ways of interacting through information and communication technology have led to new conflicts, such as domain name or e-commerce disputes. At the same time, governments need to deal with the entire range of disputes in society, whether crimes, neighborhood disputes, ethnic conflict, or disputes with their own employees. A key role for government and for e-governance is providing mechanisms to help resolve these disputes. The emerging area of online dispute resolution (ODR) potentially offers a useful set of tools and techniques for resolving disputes. Capable of being used for both online and offline disputes, ODR has already proved that it can provide effective resolution for at least some disputes: more than 1.5 million cases had been successfully resolved online by July 2004 (Conley Tyler, 2005). Governments and e-governance institutions around the world are adopting or considering the applicability of ODR as a tool for digital government.


Author(s):  
Nabie Y. Conteh ◽  
DeAngela “Dee” Sword

Social engineering attacks have emerged to become one of the most problematic tactics used against businesses today. Social engineers employ both human-based and computer-based tactics to successfully compromise their targeted networks. This chapter will discuss the basics of social engineering and what it means today. It will explain some common attack methods like baiting, phishing, pretexting, quid pro quo, tailgating, and dumpster diving. It will then highlight the impact social engineering has had on the rise in cybercrime and why threat actors have grown more innovative. Finally, this chapter will discuss what multi-layer defense or defense in depth is and offer countermeasures that can be enforced to defend against social engineering attacks.


2019 ◽  
Vol 2 (3) ◽  
pp. 238-242
Author(s):  
Andreas Tedja ◽  
Charles Lim ◽  
Heru Purnomo Ipung

The Internet has become the biggest medium for people to communicate with other people all around the world. However, the Internet is also home to hackers with malicious purposes. This poses a problem for Internet Service Providers (ISPs) and their users, since it is possible that their network is compromised and damage may be done. Many types of malware currently exist on the Internet. One growing type of malware is the botnet. A botnet can infect a system and make it a zombie machine capable of carrying out distributed attacks under the command of the botmaster. In order to make detection of the botnet more difficult, botmasters often deploy fast flux. Fast flux shuffles the IP addresses behind the domain name of the malicious server, making tracking and detection much more difficult. However, there are still numerous ways to detect fast flux; one of them is by analysing DNS data. The Domain Name System (DNS) is a crucial part of the Internet. DNS works by translating domain names to their associated IP addresses (and, through reverse lookups, IP addresses back to names). DNS is often exploited by hackers for malicious activities, one of which is deploying fast flux. Because the characteristics of fast flux differ significantly from those of normal Internet traffic, it is possible to separate fast flux from normal Internet traffic using its DNS information. However, while detecting fast flux services, one must be cautious, since a few legitimate Internet services have characteristics very similar to those of a fast flux service. This research manages to detect the existence of fast flux services in an ISP network. The result is that fast flux mostly still has the same characteristics found in previous research. However, the current fast flux trend is to use cloud hosting services.
The reason behind this is that cloud hosting services tend to have better performance than a typical zombie machine. Aside from this, it seems that no specific measures have been taken by the hosting services to prevent this, making cloud hosting services the perfect medium for hosting botnet and fast flux services.


Sensors ◽  
2020 ◽  
Vol 20 (3) ◽  
pp. 731 ◽  
Author(s):  
Guanghua Yan ◽  
Qiang Li ◽  
Dong Guo ◽  
Xiangyu Meng

As sensors become more prevalent in our lives, security issues have become a major concern. In Advanced Persistent Threat (APT) attacks, the sensor has also taken on an important role as a transmission medium. As a relatively weak link in the network transmission process, sensor networks often become the target of attackers. Due to the characteristics of low traffic volume, long attack duration, diverse attack methods, and real-time evolution, existing detection methods have not been able to detect these attacks comprehensively. Current research suggests that suspicious domain names can be obtained by analyzing the Domain Name System (DNS) requests made to the target network during an APT attack. Past work based on DNS log analysis has mostly computed the features of the request message, the features of the response message, or the feature set of the request message plus the response message, without considering the relationship between the response message and the request message. This may miss the detection of APT attacks in which the DNS resolution process is incomplete. This paper proposes a new feature that represents the relationship between a DNS request and its response message, used by a deep learning method that analyzes the DNS request records. The algorithm performs threat assessment on the DNS behavior to be detected based on the calculated suspicion value. This paper uses 4,907,147,146 DNS request records (376,605,606 records after DNS data pre-processing) collected in a large campus network and uses simulated attack data to verify the validity and correctness of the system. The results of the experiments show that our method achieves an average accuracy of 97.6% in detecting suspicious DNS behavior, with a false positive (FP) rate of 2.3% and a recall of 96.8%. The proposed system can effectively detect hidden and suspicious DNS behavior in APT attacks.
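The fast-flux abstract and the APT DNS abstract above both rest on per-domain features computed from DNS query and response logs: address churn across many networks and low TTLs for fast flux, and the pairing of requests with their responses for the incomplete-resolution behaviour the APT paper targets. The following Python block is an added example written for this page, not code from either paper. Its log format, sample lines, thresholds and the `.cdn.example` allowlist are constructed assumptions. It also carries the caveat the fast-flux abstract raises: a content delivery network rotates many low-TTL addresses too, so a name that would otherwise be labelled fast flux is reported as CDN-like when it is on the allowlist rather than raised as an alert.

```python
"""Per-domain DNS features for fast-flux and incomplete-resolution detection.
Added example for this page, not code from either paper. The log format is
constructed and hypothetical, one event per line:
    <ts> Q <client> <qname>
    <ts> R <client> <qname> NXDOMAIN
    <ts> R <client> <qname> NOERROR <ttl> <ip>[,<ip>...]
"""
from collections import defaultdict
from ipaddress import ip_network

# Assumed allowlist of CDN suffixes that legitimately rotate low-TTL addresses.
KNOWN_CDN_SUFFIXES = (".cdn.example",)
# Illustrative thresholds (assumed, not taken from the papers).
FLUX_MIN_IPS, FLUX_MIN_PREFIXES, FLUX_MAX_TTL = 5, 3, 300
INCOMPLETE_MIN_RATIO = 0.5


def _new_stats():
    return {"queries": 0, "responses": 0, "nxdomain": 0, "ips": set(), "ttls": []}


def parse_line(line):
    """Return (kind, qname, rcode, ttl, ips) for one log line."""
    p = line.split()
    name = p[3].lower().rstrip(".") if len(p) > 3 else None
    if len(p) == 4 and p[1] == "Q":
        return "Q", name, None, None, []
    if len(p) == 5 and p[1] == "R" and p[4] == "NXDOMAIN":
        return "R", name, "NXDOMAIN", None, []
    if len(p) == 7 and p[1] == "R" and p[4] == "NOERROR":
        return "R", name, "NOERROR", int(p[5]), p[6].split(",")
    raise ValueError(f"unparseable log line: {line!r}")


def collect(lines):
    """Aggregate query and response events per queried name."""
    stats = defaultdict(_new_stats)
    for line in filter(str.strip, lines):
        kind, qname, rcode, ttl, ips = parse_line(line)
        s = stats[qname]
        if kind == "Q":
            s["queries"] += 1
            continue
        s["responses"] += 1
        if rcode == "NXDOMAIN":
            s["nxdomain"] += 1
        else:
            s["ips"].update(ips)
            s["ttls"].append(ttl)
    return stats


def features(s):
    """Churn and TTL features for flux, plus request-response pairing features."""
    prefixes = {ip_network(f"{ip}/24", strict=False) for ip in s["ips"]}
    unanswered = max(s["queries"] - s["responses"], 0)
    return {
        "distinct_ips": len(s["ips"]),
        "distinct_24s": len(prefixes),
        "min_ttl": min(s["ttls"]) if s["ttls"] else None,
        "unanswered_ratio": unanswered / s["queries"] if s["queries"] else 0.0,
        "nxdomain_ratio": s["nxdomain"] / s["responses"] if s["responses"] else 0.0,
    }


def classify(qname, f):
    """Label one name; incomplete resolution is checked before the flux features."""
    if max(f["unanswered_ratio"], f["nxdomain_ratio"]) >= INCOMPLETE_MIN_RATIO:
        return "incomplete_resolution"
    fluxy = (f["distinct_ips"] >= FLUX_MIN_IPS
             and f["distinct_24s"] >= FLUX_MIN_PREFIXES
             and f["min_ttl"] is not None and f["min_ttl"] <= FLUX_MAX_TTL)
    if fluxy:  # a CDN looks the same on these features: separate it by allowlist
        return "cdn_like" if qname.endswith(KNOWN_CDN_SUFFIXES) else "fast_flux"
    return "benign"


def analyze(lines):
    """Map each queried name to its feature dict plus a label."""
    out = {}
    for qname, s in collect(lines).items():
        f = features(s)
        f["label"] = classify(qname, f)
        out[qname] = f
    return out


# Constructed sample log: RFC 5737 documentation addresses, invented names.
SAMPLE_LOG = """\
1 Q 10.0.0.5 flux.example
1 R 10.0.0.5 flux.example NOERROR 120 203.0.113.10,198.51.100.7,192.0.2.44
2 Q 10.0.0.9 flux.example
2 R 10.0.0.9 flux.example NOERROR 60 198.51.100.200,192.0.2.9,203.0.113.77
3 Q 10.0.0.5 static.cdn.example
3 R 10.0.0.5 static.cdn.example NOERROR 20 192.0.2.1,198.51.100.1,203.0.113.1,192.0.2.2,198.51.100.2
4 Q 10.0.0.7 beacon.example
4 Q 10.0.0.7 beacon.example
5 R 10.0.0.7 beacon.example NXDOMAIN
6 Q 10.0.0.5 www.example
6 R 10.0.0.5 www.example NOERROR 3600 192.0.2.80
"""
```

Calling `analyze(SAMPLE_LOG.splitlines())` labels `flux.example` as fast flux (six addresses in three /24s, 60-second TTL), `static.cdn.example` as CDN-like despite identical churn, `beacon.example` as incomplete resolution (two queries, one NXDOMAIN answer) and `www.example` as benign. In a real deployment the allowlist would give way to ASN or reverse-DNS checks and the thresholds would be tuned against the network's own baseline; the point of the request-response pairing feature is that a name queried repeatedly but seldom answered stands out even when no A record ever exposes an address.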

