Follow Slashdot stories on Twitter


Forgot your password?

Reconnaissance In Virtual Space 89

An anonymous reader writes "Whitedust Security have released an interesting article discussing online reconnaissance techniques. From the article: 'Sometimes thirty-two bits are all you need. This is a guide to Internet reconnaissance - a guide to finding out as much as you can concerning a target via the Internet'."
This discussion has been archived. No new comments can be posted.

Reconnaissance In Virtual Space

Comments Filter:
  • by ciroknight ( 601098 ) on Saturday September 24, 2005 @05:33PM (#13640186)
    What.. is Cyberspace no longer a valid buzzword???
    • Oh no, far from it. Cyberspace, however, is the world of yesterday. You see, in Virtual Space, reconnaissance is done in person, in the computer's world itself. Amidst towering circuitry, glowing with an eerie light, you race about upon futuristic wire-frame motorcycles, intent on bringing combat to the all-powerful Master Control Program which rules all. Good luck.
  • Goodbye AMD (Score:5, Funny)

    by Nom du Keyboard ( 633989 ) on Saturday September 24, 2005 @05:35PM (#13640201)
    thirty-two bits are all you need.

    Well, there goes my need for AMD64.

    • Re:Goodbye AMD (Score:1, Offtopic)

      by ciroknight ( 601098 )
      ... you completely and totally missed the "SOMETIMES" that came right before 32-bits. But thanks for playing!
    • Re:Goodbye AMD (Score:3, Informative)

      by IdleTime ( 561841 )
      I, for one, is happy to have a 64-bit, twice as difficult ;-)

      The article is moronic and only discusses the ip-address, the easiest thing to hide if you really want to. I guess this would be a life-changing article if you don't know anything about networks, other than that, it's not worth the click.
  • by sokoban ( 142301 ) on Saturday September 24, 2005 @05:36PM (#13640204) Homepage
    if you want to catch a 2-bit crook
  • by pHatidic ( 163975 ) on Saturday September 24, 2005 @05:36PM (#13640205)
    1) Enable webstats
    2) Look at who has been going to your website
    3) If someone from a college you have a (hot girl) friend at visits your site, use facebook to see if the hit is from the dormroom they are in
    4) If so, shoot them an email saying that you were thinking of them and asking how they are
    5) Wait until they write back and say, "what a coincidence, I was thinking of you too!"
    6) ????
    7) Profit!

    And the best thing is technically they're the one stalking you

    (exercepted from an article to be published on kuro5hin in the mysterious future on using your personal website to get pick up women)
    • Ha, ha ha! Back when everyone at my college used pione to read email, I used to correlate hits on my server with hostnames from the "last -a" command. Very useful!
      • Yes, email is an excellent way to get hostnames. Helpful hint: At the start of each school year send out a mass email to everyone you know with your address, and ask people to reply with theirs so you can update your rolodex.

        I should be charging (or perhaps getting charged) for this.
        • hint [for collecting IP addresses]: At the start of each school year send out a mass email to everyone you know with your address, and ask people to reply with theirs so you can update your rolodex. I should be charging (or perhaps getting charged) for this.

          Try software patents.

          Oh, and the fame and fortune they (purportedly) bring... should help you with women, too.

          Too bad by the time you get to use your "amazing discoveries" (made the hard way by using the "insights" from TFA [] -with anonymous<gasp>s

        • Now I use cookies, this technique and aim "%n" links to track people. :D
      • To heck with email... I remember the shouts of "finger me!" across the halls... of course, it was typically a couple of guys, but there was the occasional hottie...
      • "last" is indeed a very useful command; I use it mainly to pinpoint the physical location of a person I might want to make contact with on campus area :) Goes well with IRC:
        1. <LeetGirl> joins a channel from a university computer
        2. Get her username and host and ssh in to the same machine.
        3. last | grep -i username | head -n 5
        4. Check remote host for her connection; if it represents a machine in a computer classroom, hop in and say "hi" to start a conversation :) Or just sit quietly in the back row
  • by giorgiofr ( 887762 ) on Saturday September 24, 2005 @05:40PM (#13640239)
    A guide to internet reconnaissance? WHERE? This is just an overview of the whois command! And it made the frontpage on /.
    How sad.
  • little content (Score:5, Insightful)

    by MJArrison ( 154721 ) on Saturday September 24, 2005 @05:40PM (#13640240) Homepage
    There is very little here besides:

    man nslookup
    man whois

    Try those commands for a more complete understanding of what's going on.
  • Reconnaissance!? (Score:5, Insightful)

    by david duncan scott ( 206421 ) on Saturday September 24, 2005 @05:41PM (#13640242)
    nslookup and whois? My God, is it legal to disseminate such critical information as this?

    Jeez, I was hoping for something vaguely Kevin Mitnick, and instead I get Sam Spade. [] This may not be Intarweb 101, but it's maybe 102.

  • by CyricZ ( 887944 ) on Saturday September 24, 2005 @05:41PM (#13640248)
    I haven't heard of Whitedust Security before. Who exactly are they? What are some notable accomplishments of this group in the field of computer security? Have they performed any other notable studies, or written any revolutionary papers?

  • "Still, you'll gain a much better footing once you have the means to personify your target."

    In context, I know what he means. But if I am trying to get a person's IP address, does that mean I'm trying to "computerfy" them?
  • DNS and whois? (Score:4, Informative)

    by slavemowgli ( 585321 ) on Saturday September 24, 2005 @05:49PM (#13640312) Homepage
    To sum up the article:

    1) You can use the DNS system to resolve IP addresses to hostnames, which may tell you something about the organisation they belong to.
    2) For more information, perform a whois query.

    That's news? Seriously, people, that's like saying that you can control your car with the help of this "steering wheel"...
  • What a waste of time (Score:1, Informative)

    by Anonymous Coward

    TTL based routing analysis (traceroute), whois retrieval and plain DNS lookups, is that all? And not even a rundown of the nmap commandline, just nslookup(.exe) and tracert(.exe).

    Where is all the other TTL based stuff like, oh I don`t know figuring out what packet filters ("firewalls" for the mysticism fans) are dropping [] along the way? What about OS fingerprinting [], simple googleing, what about DNS zone transfers, how about looking for published traffic graphs? How about simply connecting and letting someth

    • Well, say what you want, it must be some pretty high end stuff, I know I can't get it to work on my machine :

      7 fred@ix ~ > tracert
      bash: tracert: command not found
  • Junk article. (Score:2, Insightful)

    by mindstrm ( 20013 )
    This is junk.

    "You can do a traceroute, a dns lookup, and read public whois data!"

    Then this stuff about how IP addresses are broken up into "classes" to ease routing.. err, no, they aren't.. though they used to be many, many years ago.

    Also... * * * in a traceroute may indicate ICMP filtering, but more often indicates that rfc1518 private addresses were used on the links, which are then blocked elsewhere. Perfectly normal, and quite common.
    • Then this stuff about how IP addresses are broken up into "classes" to ease routing.. err, no, they aren't.. though they used to be many, many years ago.
      Actually, it does say "IP addresses are traditionally broken into several distinct classes, which were used to manage routing tables in the early years of the Internet".

      Besides that, you are correct about this article being junk.

  • by AutopsyReport ( 856852 ) on Saturday September 24, 2005 @06:14PM (#13640438)
    An article on how to hunt someone down on the Internet. A picture of a beautiful woman on top of the article with a transparent crosshair on her face. The article is submitted to a community of mostly-lonely geeks. God only know's what will happen now.
  • Dear Zonk (Score:1, Insightful)

    by rincebrain ( 776480 )
    Please stop posting articles which the majority of the Slashdot community find insulting to their intelligence.

    Thank you.
  • This article covers whois. Nothing more exciting right? *rolls eyes*

    It is nothing new [] or particularly insightful []. This does bring up 3 questions though

    1 - Is the slashdot crowd so amazed by something so old as whois?
    2 - How much will IP geolocation amaze then?
    3 - Who let this even get posted?
  • Wow what an amazing article! Might I suggest to the WhiteDust "gurus" that their next article explore netstat and the wonders of null session connections on Windows?

    WhiteDust...what a joke.
  • This 'tip' was marketing spam. Gee. This article reminds me of the 'informative email' I get from Spamis with spoofed headers to and from me. Can slashdot STOP these 'anonymous reader' tips before we start getting not only comment spam, but article spam?
  • anyone who has a half brain on how to use whois, dig, host or nslookup has already done these.
  • by postbigbang ( 761081 ) on Saturday September 24, 2005 @07:16PM (#13640789)
    Yeah, the post was about as lame as they get. But here are a sample of some of my tricks:

    1) probe port 80 on the last few addresses you find, and if you get a web page out of there, look at the page source to see if there are other IPs to look up. Nothing like a badly configured chain to cough some more info from. Probe for other common ports at the end of the chain to see if there's a mail server there; maybe you can make it cough more data.

    2) do google or dogpile searches of the IP address, and both the dns names and reverse names; follow each hit until it ends somewhere. Always take notes.

    3) try to find email addresses through index engines using the various domain names, and also its NS records, MX records and anything else in DNS that might point to hidden servers in the route(s). Take notes.

    4) check various rbls, spamhaus, and so on to see if there are other complaints. Sometimes you can have fun.

    5) check any phone numbers; search on those, too. Heaven loves a toll-free # in a spam.

    And now, your tips?
  • Wonder who Whitedust is? Read their mission statement []:

    Within six months of launch, the Whitedust Portal will overtake the existing portals as the leading source of comprehensive, trusted and unbiased security information. This will be achieved through a dedicated approach to reporting security events as they happen. So far in our live period Whitedust have placed an un-mistakable and firm emphasis on fair, unbiased and above all honest news comment on up to the minute security issues - a strategy fundamenta
  • One of the hostnames in the article points to a project server of mine. Please don't muck with it.
  • What? No mention of nmap? I mean, sure I see the writer might be Windows literate only, but come on now - nmap is ported to Win32 as well. At least with nmap, we could have seen some port scanning techniques or something.

    Maybe next time, we'll get an Ethereal treat ... this article was useless.
  • Just don't learn too much about Eric Schmidt. He'll blacklist you.
  • Okay even for a Saturday Night slashdot story, that was weak as hell. I learned this shit YEARS ago, this is BASIC information gathering!

    This might be news to my mom and dad. Well maybe not my dad, he has a clue.
  • by Anonymous Coward
    I don't see how this made it to the front page of Slashdot? This is pretty much a "diet" version of "Tracking Spammers 101" from 5 years ago. In fact, I wonder if this is a txt file someone got from a BBS in 1993. This "paper" has pleanty of flaws. Let's list them:

    1. A practical guide to Internet reconnaissance.

    Wrong. This isn't practical because it doesn't provide the investigator any useful information.

    2. This is a guide to Internet reconnaissance - a guide to finding out as much as you can concernin
  • Since when did Slashdot become "h4x0r for beginners"? This is such common knowledge that I'm not sure you can call "using WHOIS" a technique...
  • You have to under stand who actually built white dust to understand the content of the site. (note they dont actually have their own content) Most of the founding members are made up from friends that came to gether while on IRC in white wolf role playing channels. (they like to advertise whitedust, it makes them feel important) while granted they have web design skills, that about there limit of what they can actually do. The whole point of the website is for something they can put in there protfolio when
  • and discovering, tracing, and whois'ing an ip address is the hippest thing for the kiddies to do on a Saturday night.
  • Is this all you can do???
    Well the net is a safer place than I thought.

In English, every word can be verbed. Would that it were so in our programming languages.