As part of mapping out your network, you can search public databases and resources to see what other people know about your systems.
WHOIS
The best starting point is a WHOIS lookup, using any of the tools available on the Internet. In case you’re not familiar with it, WHOIS is a simple query/response protocol (TCP port 43) for reading the public databases kept by domain registries and registrars and by the regional Internet registries (RIRs) that allocate IP address blocks. You may have used WHOIS to check whether a particular Internet domain name is available.
For security testing, WHOIS provides the following information, which can give an attacker a leg up on a social-engineering attack or a network scan:
- Internet domain name registration information, such as contact names, phone numbers, e-mail addresses, and mailing addresses
- The DNS servers responsible for your domain
Expect the contact fields to be thinner than they once were: since 2018 most registrars redact personal data, and privacy-protection services substitute a proxy address for the registrant’s. The registrar and the name servers remain visible, and a record that shows only a proxy address still tells a tester which registrar to watch.
You can look up WHOIS information at one of the following places:
- WHOIS.net (www.whois.net)
- A domain registrar’s site, such as www.godaddy.com
- Your ISP’s technical support site
Two of my favorite WHOIS tool websites are DNSstuff (www.dnsstuff.com) and MXToolBox (www.mxtoolbox.com). For example, you can run WHOIS and DNS queries directly from www.mxtoolbox.com to do the following:
- Display general domain-registration information
- Show which host handles e-mail for a domain (the Mail Exchanger, or MX, record)
- Geolocate specific hosts
- Determine whether a host’s IP address is listed on DNS-based spam blocklists (DNSBLs)
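The blocklist check in that list is nothing more than a DNS lookup, and it is worth knowing how it works so you can run it yourself against your own mail servers’ addresses. The following is an added example, not the book’s or MXToolBox’s code: it builds the reversed-octet query name, resolves it with the system resolver, and interprets the answer. zen.spamhaus.org and bl.spamcop.net are real public lists; 192.0.2.10 is a documentation-range address used only to show how the name is constructed.

```python
"""DNSBL (spam blocklist) check, the same lookup the web tools run. Added example,
not the book's code. The only I/O is one DNS A-record query per zone, so any
result can be confirmed with plain dig or nslookup."""
import ipaddress
import socket

LISTED = ipaddress.IPv4Network("127.0.0.0/8")                # every DNSBL answers inside this block
SPAMHAUS_ERRORS = ipaddress.IPv4Network("127.255.255.0/24")  # Spamhaus: query errors, not listings


def dnsbl_query_name(ip, zone):
    """Reverse the octets and append the zone: 192.0.2.10 in zen.spamhaus.org
    becomes 10.2.0.192.zen.spamhaus.org. IPv6 and garbage raise ValueError."""
    addr = ipaddress.IPv4Address(ip)
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def interpret_answer(answer):
    """NXDOMAIN (None) means not listed; an A record in 127.0.0.0/8 means listed,
    with the last octet encoding the reason per that list's documentation.
    Spamhaus uses 127.255.255.0/24 to reject the query itself, for example when
    it arrives via a public resolver, so do not read that as a listing."""
    if answer is None:
        return "not listed"
    a = ipaddress.IPv4Address(answer)
    if a in SPAMHAUS_ERRORS:
        return "query rejected"
    if a in LISTED:
        return "listed"
    return "unexpected answer"  # wildcarding resolver or broken list; treat as unknown


def check(ip, zones=("zen.spamhaus.org", "bl.spamcop.net")):
    """Resolve the DNSBL name in each zone with the system resolver; returns {zone: status}."""
    results = {}
    for zone in zones:
        name = dnsbl_query_name(ip, zone)
        try:
            answer = socket.gethostbyname(name)
        except socket.gaierror as exc:
            if exc.errno != socket.EAI_NONAME:  # timeout or SERVFAIL is not "not listed"
                results[zone] = "lookup failed"
                continue
            answer = None  # NXDOMAIN: the list has no entry for this address
        results[zone] = interpret_answer(answer)
    return results


if __name__ == "__main__":
    import sys

    for zone, status in check(sys.argv[1]).items():
        print(f"{zone}: {status}")
```

Run it as `python dnsbl.py <ip>`; because public resolvers are rejected by Spamhaus, run it from a host that uses your own recursive resolver or the answer will be "query rejected" rather than a verdict.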
A free site you can use for more basic Internet domain queries is http://dnstools.com. Another commercial product called NetScanTools Pro (www.netscantools.com) is excellent at gathering such information.
The following list shows lookup sites for other categories, including the five regional Internet registries (RIRs). The RIRs are where you look up who holds an IP address block (network name, organization, and abuse contacts) rather than a domain name; if you query the wrong RIR for an address, the response is a placeholder object that points you at the registry holding the block.
- U.S. Government: www.dotgov.gov/portal/web/dotgov/whois
- AFRINIC: www.afrinic.net (Regional Internet Registry for Africa)
- APNIC: www.apnic.net/apnic-info/whois_search (Regional Internet Registry for the Asia Pacific region)
- ARIN: http://whois.arin.net/ui (Regional Internet Registry for the United States, Canada, and many Caribbean and North Atlantic islands; its former responsibility for sub-Saharan Africa passed to AFRINIC in 2005)
- LACNIC: www.lacnic.net/en (Latin American and Caribbean Internet Addresses Registry)
- RIPE Network Coordination Centre: https://apps.db.ripe.net/search/query.html (Europe, the Middle East, and Central Asia; the African countries it once served now belong to AFRINIC)
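All of the sites above, and the registry and RIR servers themselves, speak the same protocol, and a tester often wants the raw record rather than a web page. The following is an added example, not the book’s code, covering both the domain lookups described at the start of this section and the IP-block lookups the RIRs answer: it asks whois.iana.org which registry serves the TLD or address, queries that registry, and follows a Registrar WHOIS Server referral, which thin registries such as .com use to leave contact data with the registrar. The sample response is constructed; the hosts example-registrar.net and example.net and the field names in it are assumptions about a typical record, not the result of a real lookup.

```python
"""Minimal WHOIS client (RFC 3912: connect to TCP port 43, send the query plus
CRLF, read until the server closes) and a parser for the response.
Added example, not from the book; SAMPLE_RESPONSE is constructed, not a real record."""
import re
import socket
import sys

WHOIS_PORT = 43
IANA_WHOIS = "whois.iana.org"  # answers with the registry (or RIR) WHOIS server for a TLD or IP
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def whois_query(server, query, timeout=10):
    """Send one query and return the raw text. WHOIS has no framing: the reply
    ends when the server closes the connection."""
    with socket.create_connection((server, WHOIS_PORT), timeout=timeout) as sock:
        sock.sendall(query.encode("ascii") + b"\r\n")
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", errors="replace")


def parse_whois(text):
    """Map 'Key: value' lines to {lowercased key: [values]}. Keys repeat (one line
    per name server), and %/# comment lines and the '>>>' timestamp are skipped."""
    fields = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(("%", "#", ">>>")):
            continue
        key, sep, value = line.partition(":")  # split at the first colon only: values may hold URLs
        if not sep or not value.strip():
            continue
        fields.setdefault(key.strip().lower(), []).append(value.strip())
    return fields


def first(fields, key):
    values = fields.get(key)
    return values[0] if values else None


def summarize(fields):
    """The footprinting-relevant items: registrar, authoritative name servers,
    every e-mail address in the record (social-engineering targets), and the
    registrar referral that thin registries such as .com hand out."""
    all_values = "\n".join(v for vals in fields.values() for v in vals)
    return {
        "registrar": first(fields, "registrar"),
        "name_servers": sorted({v.lower() for v in fields.get("name server", [])}),
        "emails": sorted(set(EMAIL_RE.findall(all_values))),
        "referral": first(fields, "registrar whois server"),
    }


def lookup(query):
    """Live lookup of a domain name or IP address: IANA -> registry/RIR -> registrar."""
    registry = first(parse_whois(whois_query(IANA_WHOIS, query)), "whois")
    if registry is None:
        raise RuntimeError(f"IANA lists no WHOIS server for {query!r}")
    text = whois_query(registry, query)
    referral = first(parse_whois(text), "registrar whois server")
    if referral and referral.lower() != registry.lower():
        text += "\n" + whois_query(referral, query)  # the registrar holds the contact details
    return summarize(parse_whois(text))


# Constructed sample: a thin-registry answer followed by the registrar's record.
SAMPLE_RESPONSE = """\
% Constructed sample, not a real WHOIS record.
   Domain Name: EXAMPLE.COM
   Registrar WHOIS Server: whois.example-registrar.net
   Registrar URL: http://www.example-registrar.net
   Updated Date: 2024-01-15T09:12:00Z
   Registrar: Example Registrar, Inc.
   Registrar Abuse Contact Email: abuse@example-registrar.net
   Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
   Name Server: NS2.EXAMPLE.NET
   Name Server: NS1.EXAMPLE.NET
>>> Last update of whois database: 2024-02-01T00:00:00Z <<<
# registrar record
Registrant Organization: Example Corp
Registrant Phone: +1.5555550100
Registrant Email: hostmaster@example.com
Tech Email: it-helpdesk@example.com
Name Server: ns1.example.net
Name Server: ns2.example.net
"""

if __name__ == "__main__":
    # With an argument: live lookup (needs network). Without one: parse the sample.
    result = lookup(sys.argv[1]) if len(sys.argv) > 1 else summarize(parse_whois(SAMPLE_RESPONSE))
    for key, value in result.items():
        print(f"{key}: {value}")
```

Run it as `python whois_lookup.py example.com` or with an IP address; with an address, IANA returns the responsible RIR and the second query goes there, so the same code covers the registries listed above. Registry servers rate-limit and may return a terms-of-use blurb before the record, which is why the parser ignores comment lines rather than assuming the record starts at the top.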
Privacy policies
Check your website’s privacy policy. A good practice is to let your site’s users know what information is collected and how it’s protected, and nothing more. I’ve seen many privacy policies that divulge technical details about security and related systems that should not be made public.