(5) DND And WhoIs Flashcards
What is nslookup?
nslookup is a tool in Windows, Linux, and MacOS to look up domain name to ip address conversion
What does the -query flag do?
The -query flag allows you to look up other types of DNS records such as MX, NS, SOA, and ANY as possible entries
Ex.) nslookup -query= mx microsoft.com
What does tracert allow you to do in terms of information gathering?
tracert allows you to gather information about network topologies and to see the path packets take to a host.
Who manages domain names?
registrars manage domain names. They are accredited by top level domain (gTLD) registries and/or country code top level domain (ccTLD) registries
i.e. registrars work with the domain name registries to provide registration services: the ability to get and use domain names
What do registrars do for customers?
Registrars provide the interface between customers and the domain registries and take care of purchasing, billing, and the maintenance of the day to day operations, including renewal for domain registrations
they also handle domain transfers, which require authorization by the current domain owner and a release of the domain to the new registrar
Who manages the global IP address space?
IANA (The Internet Assigned Numbers Authority) manages the DNS Root Zone, which handles gTLDs (generic top level domains) and ccTLDs (country code top level domains)
How can DNS entries provide useful information about systems?
DNS entries provide useful information about systems in that a system named “Corporate Accounts Server” is going to be attacked quite readily vs one that simply manages something not nearly as interesting
Once a person discovers a DNS server, what can they do to look up information about it?
Once a person discovers a DNS server, they can use the dig tool to query it.
Another test is to see if it supports zone transfers, which makes going after org DNS data much easier
What is a DNS zone transfer?
A DNS zone transfer can replicate DNS databases between DNS servers, which can allow a hacker to gain valuable information
Most DNS servers should be set to block zone transfers to servers that the DNS server isn’t approved for
What is an example of a command one can use to see if a zone transfer is possible on a DNS Server?
Such commands to see if zone transfers are possible are:
host -t axfr domain.name dns-server
dig axfr @dns-server domain.name
What is DNS Brute Forcing?
DNS Brute Forcing is all about sending a manual or scripted DNS query for each IP address that the org uses and it can provide a useful list of systems
This can be partially prevented by using an IDS or IPS with a rule that will prevent DNS Brute Force Attacks
What does the host command in Linux do?
The host command provides information about a systems IPv4 and IPv6 addresses as well as its email servers
How can packet capture help with information gathering?
Packet capture can tell you what systems are on a network.
Pentesters or attackers have to get access to the network first before they can packet capture
internal security teams can do packet capture pretty much at will because they already have access to the network
