Networking / Beginners


Hostnames can provide valuable information to an attacker. Small companies, departments, or domains may use themed hostnames. Knowing the theme can provide information about the administrator. For example, if the hostnames eminiar, gothos, thasus, and vendikar appear in the hostname listing, then the administrator is likely a Star Trek fan (these are the names of Star Trek planets). This information is valuable to social engineers. A social engineer that contacts the administrator may create a friendship bond over a common trait. The bond can be exploited to gain trust and can be used as a conduit for collecting information leaks that can aid attacks. Similarly, passwords are frequently chosen based on themes. Knowing the computer theme may assist password discovery.

Whereas small companies use colorful themes, larger companies usually use employee names, phone numbers, or IDs along with department abbreviations. This information discloses employee information, department sizes, and contact points for social engineering.

Hostnames may also disclose the type of network service available. For example, most hosts named www (any domain) likely run Web servers. The host ftp runs an FTP server. Variations of ns, dns, and bind (e.g., ns1 or adns02) are likely primary or secondary name servers. If an attacker knows a vulnerability for mail servers, then the focus may be placed on hosts named mail or smtp (SMTP/email services) rather than hosts named ns or www.

Reconnaissance and Exploitation

DNS allows an attacker to gain insight about potential targets. Reconnaissance about a domain may come from hostnames, zone transfers, host listings, and DNS fields. Knowing information about a host can directly lead to exploitable risks and additional reconnaissance. Along with exploitation and information gathering, DNS can also be used to hide information.

[Previous] [Contents] [Next]