Understanding DNS Enumeration

DNS enumeration is the process of locating all the DNS servers and their corresponding records for an organization. A company may have both internal and external DNS servers that can yield information such as usernames, computer names, and IP addresses of potential target systems.
NSlookup, DNSstuff, the American Registry for Internet Numbers (ARIN), and Whois can all be used to gain information that can then be used to perform DNS enumeration.

NSlookup and DNSstuff

One powerful tool you should be familiar with is NSlookup (see Figure 1). This tool queries DNS servers for record information. It's included in Unix, Linux, and Windows operating systems. Hacking tools such as Sam Spade also include NSlookup tools.

Figure 1: NSlookup
Building on the information gathered from Whois, you can use NSlookup to find additional IP addresses for servers and other hosts. Pointing NSlookup at the authoritative name server reported by Whois (AUTH1.NS.NYI.NET) and asking it for the domain's mail exchanger (MX) record, then resolving that host name, reveals the IP address of the mail server.
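The NSlookup pass just described, as an added example that is not from the original text: it builds the non-interactive `nslookup -type=... name server` commands for the NS, MX and A lookups, then parses their output into a record table and maps each mail exchanger to the addresses found for it. The transcripts embedded below are constructed to mimic the Unix/BIND-style nslookup output format (the Windows nslookup prints MX records differently), and every host name and address is a documentation value rather than real infrastructure; the function names are this example's own.

```python
"""Parse nslookup output from a DNS enumeration pass into a record table.

Added example, not code from the original text. The sample transcripts are
constructed to mimic Unix/BIND-style nslookup output; all names and addresses
are documentation values (example.org, 192.0.2.x, 198.51.100.x, 2001:db8::/32).
"""
import re
from collections import defaultdict

# Constructed transcript of: nslookup -type=MX example.org
SAMPLE_MX = """\
Server:         192.0.2.53
Address:        192.0.2.53#53

Non-authoritative answer:
example.org     mail exchanger = 10 mail.example.org.
example.org     mail exchanger = 20 backup-mx.example.org.

Authoritative answers can be found from:
"""

# Constructed transcript of: nslookup -type=NS example.org
SAMPLE_NS = """\
Server:         192.0.2.53
Address:        192.0.2.53#53

Non-authoritative answer:
example.org     nameserver = ns1.example.org.
example.org     nameserver = ns2.example.org.
"""

# Constructed transcript of: nslookup mail.example.org   (A/AAAA lookup)
SAMPLE_A = """\
Server:         192.0.2.53
Address:        192.0.2.53#53

Non-authoritative answer:
Name:   mail.example.org
Address: 198.51.100.25
Name:   mail.example.org
Address: 2001:db8::25
"""

# One regex per record shape nslookup prints; a trailing dot on names is dropped.
MX_RE = re.compile(r"^(\S+)\s+mail exchanger = (\d+) (\S+?)\.?$")
NS_RE = re.compile(r"^(\S+)\s+nameserver = (\S+?)\.?$")
CNAME_RE = re.compile(r"^(\S+)\s+canonical name = (\S+?)\.?$")
NAME_RE = re.compile(r"^Name:\s+(\S+)$")
ADDR_RE = re.compile(r"^Address:\s+(\S+)$")


def nslookup_commands(domain, server=None):
    """Build the non-interactive nslookup commands for one enumeration pass.

    `server` is the authoritative name server learned from Whois; when given,
    it is appended so the query is sent to that server instead of the default resolver.
    """
    suffix = f" {server}" if server else ""
    return [f"nslookup -type={rtype} {domain}{suffix}" for rtype in ("NS", "MX", "A")]


def parse_nslookup(output):
    """Return {(owner, rtype): [values]} for the records in one nslookup run.

    The leading 'Server:' / 'Address: x#53' pair names the resolver that answered,
    not the target, so it is skipped. 'Address:' lines after a 'Name:' line belong
    to that name; IPv6 literals are filed as AAAA.
    """
    records = defaultdict(list)
    current_name = None
    for line in output.splitlines():
        line = line.rstrip()
        if line.startswith("Server:") or (line.startswith("Address:") and "#" in line):
            continue
        if m := MX_RE.match(line):
            records[(m.group(1), "MX")].append((int(m.group(2)), m.group(3)))
        elif m := NS_RE.match(line):
            records[(m.group(1), "NS")].append(m.group(2))
        elif m := CNAME_RE.match(line):
            records[(m.group(1), "CNAME")].append(m.group(2))
        elif m := NAME_RE.match(line):
            current_name = m.group(1)
        elif (m := ADDR_RE.match(line)) and current_name:
            rtype = "AAAA" if ":" in m.group(1) else "A"
            records[(current_name, rtype)].append(m.group(1))
    return dict(records)


def merge(*tables):
    """Combine the per-query tables into one enumeration result."""
    merged = defaultdict(list)
    for table in tables:
        for key, values in table.items():
            merged[key].extend(values)
    return dict(merged)


def mail_server_addresses(records, domain):
    """List each MX host of `domain` with the addresses found for it,
    lowest preference value first (an empty list means it still needs an A lookup)."""
    mx = sorted(records.get((domain, "MX"), []))
    return [(host, records.get((host, "A"), []) + records.get((host, "AAAA"), []))
            for _, host in mx]


if __name__ == "__main__":
    for cmd in nslookup_commands("example.org", "ns1.example.org"):
        print(cmd)
    table = merge(parse_nslookup(SAMPLE_NS), parse_nslookup(SAMPLE_MX), parse_nslookup(SAMPLE_A))
    for key, values in sorted(table.items()):
        print(key, values)
    print(mail_server_addresses(table, "example.org"))
```

Run it as-is to see the three commands and the merged table for the constructed transcripts; to process real output, paste each command's output into `parse_nslookup` and merge the results. The empty address list for the second mail exchanger shows why the pass is iterative: every host name learned from an MX or NS answer becomes the input to a further A lookup.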
The explosion of easy-to-use tools has made hacking easy, if you know which tools to use. DNSstuff is another of those tools. Instead of using the command-line NSlookup tool with its cumbersome switches to gather DNS record information, just access the website www.dnsstuff.com, and you can do a DNS record search online. Figure 2 shows a sample DNS record search on www.eccouncil.org using DNSstuff.com.

Figure 2: DNS record search of www.eccouncil.org
This search reveals all the alias records for www.eccouncil.org and the IP address of the web server. You can even discover all the name servers and associated IP addresses.

