IANA - Internet Assigned Numbers Authority
ICANN - Internet Corporation for Assigned Names and Numbers
NRO - Number Resource Organisation
RIR - Regional Internet Registries (the five bodies to which IANA delegates blocks of IP addresses and AS numbers):
AFRINIC - African Network Information Centre
APNIC - Asia Pacific Network Information Centre
ARIN - American Registry for Internet Numbers
LACNIC - Latin America & Caribbean Network Information Centre
RIPE NCC - Réseaux IP Européens Network Coordination Centre
NIR - National Internet Registries: country-level registries that operate under some RIRs (for example within the APNIC and LACNIC regions) and sub-allocate from that RIR's space
I have put together a list of online tools/websites and the sorts of information you could glean from them that may help in your Vulnerability Assessment/Penetration Test:
DNS Stuff - Lots of useful tools
Fixed Orbit - Suite of tools for determining Autonomous System Information.
Kartoo - Metasearch engine that visually presents its result
Geektools
Netcraft - Online search tool allowing queries for host information
Robtex - DNS and AS Lookup combined with a graphical representation of the data (Cool!)
Traceroute.org - Huge listing of sites that will perform traceroutes for you.
Whois.net
Wayback Machine - Archived database of how sites used to look. (For comparison purposes, and for finding pages, paths and hostnames that have since been removed.)
These web resources will provide a plethora of information, especially about DNS, which will include:
SOA Records - Start of Authority: names the primary name server for the zone, the zone administrator's mailbox, and the serial number and timers that secondary servers use when deciding to pull a zone transfer.
MX Records - List of a host's or domain's mail exchanger server(s), each with a preference value (the lowest is tried first).
NS Records - List of a host's or domain's name server(s).
A Records - An address record that maps a host name to an IPv4 address (AAAA is the IPv6 equivalent). A host needs one of these for its IP address to be located via DNS.
PTR Records - Maps an IP address back to a host name: the reverse lookup, held under in-addr.arpa for IPv4 and ip6.arpa for IPv6.
SRV Records - Service location record: priority, weight, port and target host for a named service (for example _ldap._tcp.<domain>), which reveals infrastructure such as directory and SIP servers.
HINFO Records - Host information record with CPU type and operating system; rarely published today precisely because it hands out fingerprinting data.
TXT Records - Generic text record; in practice it carries SPF, DKIM and DMARC mail policy and domain-verification tokens, all of which disclose the third-party services a domain uses.
CNAME - A host's canonical name; allows additional names/aliases to be used to locate a computer. An alias that still points at a decommissioned third-party host is the classic precondition for a subdomain takeover.
RP - Responsible person for the domain.
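The records above are what the online tools return, but a tester should also be able to read them off the wire. The following is an added example, not code from the original article or from any of the sites it lists: a minimal DNS client in stdlib Python that builds a query for any of the record types listed, parses the reply (including name compression, which every real answer uses), and decodes SOA, MX, A, AAAA, NS, CNAME, PTR, SRV, HINFO and TXT RDATA. The resolver address 9.9.9.9 is an assumption, and the sample reply at the bottom is constructed by hand for offline use, not captured from a live server.

```python
import socket
import struct

# Record types from the list above (numeric values as registered by IANA).
QTYPES = {"A": 1, "NS": 2, "CNAME": 5, "SOA": 6, "PTR": 12, "HINFO": 13,
          "MX": 15, "TXT": 16, "AAAA": 28, "SRV": 33}
TYPE_NAMES = {v: k for k, v in QTYPES.items()}

def encode_name(name):
    """Wire-format a domain name: length-prefixed labels ending in a zero byte."""
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split(".")) + b"\x00"

def build_query(name, qtype, txid=0x1234):
    """12-byte header (RD=1, one question) followed by QNAME, QTYPE and QCLASS=IN."""
    return struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0) + encode_name(name) + struct.pack(">HH", QTYPES[qtype], 1)

def read_name(msg, off):
    """Decode the name at msg[off], following compression pointers (0xC0xx).
    Returns (dotted name, offset just past the name as it appeared in place)."""
    labels, end = [], None
    while True:
        ln = msg[off]
        if ln & 0xC0 == 0xC0:                # pointer: jump, but remember where the in-place name ended
            end = off + 2 if end is None else end
            off = struct.unpack(">H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if ln == 0:
            break
        labels.append(msg[off:off + ln].decode("ascii"))
        off += ln
    return ".".join(labels) + ".", (off if end is None else end)

def parse_rdata(msg, rtype, start, rdlen):
    """Decode RDATA for the record types listed above; anything else comes back as hex."""
    data = msg[start:start + rdlen]
    if rtype == 1:
        return ".".join(str(b) for b in data)
    if rtype == 28:
        return socket.inet_ntop(socket.AF_INET6, data)
    if rtype in (2, 5, 12):                   # NS, CNAME, PTR: a single (possibly compressed) name
        return read_name(msg, start)[0]
    if rtype == 15:                           # MX: preference, exchange
        return struct.unpack(">H", data[:2])[0], read_name(msg, start + 2)[0]
    if rtype == 33:                           # SRV: priority, weight, port, target
        return struct.unpack(">HHH", data[:6]) + (read_name(msg, start + 6)[0],)
    if rtype == 6:                            # SOA: mname, rname, then five 32-bit counters
        mname, off = read_name(msg, start)
        rname, off = read_name(msg, off)
        keys = ("serial", "refresh", "retry", "expire", "minimum")
        return {"mname": mname, "rname": rname, **dict(zip(keys, struct.unpack(">IIIII", msg[off:off + 20])))}
    if rtype in (13, 16):                     # HINFO / TXT: a sequence of <len><chars> strings
        strings, i = [], 0
        while i < rdlen:
            strings.append(data[i + 1:i + 1 + data[i]].decode("utf-8", "replace"))
            i += 1 + data[i]
        return strings
    return data.hex()

def parse_response(msg):
    """Walk the header, skip the echoed question(s), then decode every RR in all three sections."""
    txid, flags, qd, an, ns, ar = struct.unpack(">HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = read_name(msg, off)[1] + 4      # QNAME + QTYPE + QCLASS
    records = []
    for _ in range(an + ns + ar):
        name, off = read_name(msg, off)
        rtype, _cls, ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        records.append((name, TYPE_NAMES.get(rtype, str(rtype)), ttl, parse_rdata(msg, rtype, off, rdlen)))
        off += rdlen
    # rcode 3 is NXDOMAIN; TC set means the answer was cut at 512 bytes and should be re-asked over TCP
    return {"txid": txid, "rcode": flags & 0x0F, "truncated": bool(flags & 0x0200), "records": records}

def query(name, qtype, resolver="9.9.9.9", timeout=3.0):
    """One UDP query to a recursive resolver (assumed address; needs network, not used by the sample)."""
    pkt = build_query(name, qtype)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(pkt, (resolver, 53))
        data, _ = s.recvfrom(4096)
    if data[:2] != pkt[:2]:
        raise ValueError("transaction ID mismatch: reply does not belong to this query")
    return parse_response(data)

# Constructed sample reply (not captured from a live server). Each RR's owner name and the
# names inside RDATA point back to the question name with compression pointer 0xC00C
# (offset 12 = first byte after the header), exactly as real servers do.
PTR_Q = b"\xC0\x0C"

def _rr(name, rtype, ttl, rdata):
    return name + struct.pack(">HHIH", rtype, 1, ttl, len(rdata)) + rdata

SAMPLE_RESPONSE = (
    struct.pack(">HHHHHH", 0x1234, 0x8180, 1, 3, 0, 0)          # QR=1, RD, RA, rcode 0, 3 answers
    + encode_name("example.com") + struct.pack(">HH", 15, 1)
    + _rr(PTR_Q, 15, 300, struct.pack(">H", 10) + b"\x04mail" + PTR_Q)
    + _rr(PTR_Q, 1, 300, bytes([192, 0, 2, 10]))
    + _rr(PTR_Q, 6, 3600, b"\x03ns1" + PTR_Q + b"\x0ahostmaster" + PTR_Q
          + struct.pack(">IIIII", 2024010101, 7200, 900, 1209600, 300))
)

if __name__ == "__main__":
    for rec in parse_response(SAMPLE_RESPONSE)["records"]:
        print(rec)
```

For a live target, loop `query(domain, t)` over `("SOA", "NS", "MX", "TXT", "SRV")` and note two things the parser surfaces that the web tools hide: the transaction ID check (a reply with the wrong ID is not yours and should be discarded) and the TC flag, which tells you a large TXT or SRV set was truncated and must be re-fetched over TCP.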
Glossary of Terms:
Autonomous System (AS). This is a collection of networks and routers under the control of one or more entities that presents a single, common routing policy to the Internet. An AS is identified by its AS number (ASN), written in the form AS11222. ASNs are allocated by IANA to the RIRs, which assign them to operators. In the original 16-bit space there are two types, public (1-64511) and private (64512-65534); RFC 6996 also reserves a 32-bit private range, 4200000000-4294967294.
Border Gateway Protocol (BGP). BGP is the routing protocol that runs the Internet as we know it today. Each BGP speaker maintains a table of IP prefixes together with the sequence of ASes through which each prefix can be reached, and it makes routing decisions based on a number of factors including the available paths and the operator's network policies. Because every route carries its full AS path, BGP is described as a path vector protocol.
Domain Name System (DNS). DNS is a distributed, hierarchical database of network records which, when queried, allows the translation of domain names to IP addresses. Its records also name the mail exchange servers for a domain, which is how mail is routed to it.
Layer Four Traceroute (LFT). LFT is an enhanced traceroute that sends TCP or UDP probes rather than relying on ICMP, so it passes more firewalls, and that reports other useful information to the user such as the AS number and netblock name for each hop.
Name Server Lookup (nslookup). nslookup is available on most operating system platforms and issues DNS lookup requests to query for IP and record information relating to a particular network or computer; dig, on Unix-like systems, returns the same data in fuller detail.
Network Node. A network node is any machine or device connected to a network.
Peering. Peering is an arrangement between Internet service providers (ISPs), or other networks, to exchange traffic directly between their networks across their respective boundaries.
Ping. Ping is a command line tool to determine whether a particular host is alive and reachable on a remote network. It works by sending ICMP echo request packets to the target host in the hope of eliciting an echo reply; tools such as hping and nping offer TCP and UDP variants for hosts that filter ICMP. The information returned includes the round-trip time of each probe and whether any of the packets were lost in transmission between the hosts.
Point of Presence (POP). A POP is a physical location at which a provider's network can be accessed and connected to another network.
Reverse DNS lookup (rDNS). rDNS is the reverse of a forward DNS lookup: the user already knows the IP address of a host and wishes to determine its hostname, which is answered from the PTR record for that address.
Routing Assets Database (RADB). RADB is one of the public Internet Routing Registries (IRRs): a lookup database of route objects, AS numbers and routing policy published in RPSL, useful for discovering which prefixes an organisation originates.
Traceroute (tracert on Windows). Traceroute is a command line tool used to determine the route taken by packets across an IP network. The route is reported as a sequence of hops, each one closer to the destination, together with the latency to each hop.
WHOIS. WHOIS is a TCP-based query/response protocol (port 43) widely used for querying authoritative databases in order to determine the registrant of a given domain name, IP address block or AS.
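Because WHOIS is so simple a protocol, the web front-ends in the tool list above add little beyond convenience, and they hide the one thing worth understanding: the referral chain from IANA down to the RIR or registry that actually holds the record (the hierarchy in the first list). The following is an added example, not code from the original article: a stdlib Python client that performs the raw TCP/43 exchange, parses the `key: value` reply, and follows `refer:`/`whois:` referrals starting at whois.iana.org. The replies in SAMPLE_REPLIES and the .test names are constructed for offline use and are not real registry data; the offline_fetch stand-in exists only so the chain can be exercised without network access.

```python
import socket

IANA_WHOIS = "whois.iana.org"   # root of the referral chain for domains, IP blocks and ASNs

def parse_whois(text):
    """Turn 'key: value' lines into {key: [values]}; comment lines (% or #) and blanks are dropped."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "%#":
            continue
        key, sep, value = line.partition(":")
        if sep and key.strip():
            fields.setdefault(key.strip().lower(), []).append(value.strip())
    return fields

def referral_server(fields):
    """The next server to ask: IANA answers with 'refer:', RIRs and registries with 'whois:'."""
    for key in ("refer", "whois", "registrar whois server"):
        if fields.get(key):
            return fields[key][0].lower()
    return None

def whois_query(server, target, timeout=10.0):
    """The whole protocol: connect to TCP/43, send the query plus CRLF, read until the server closes."""
    with socket.create_connection((server, 43), timeout=timeout) as s:
        s.sendall(target.encode("ascii") + b"\r\n")
        chunks = []
        while True:
            data = s.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", "replace")

def whois_chain(target, max_hops=4, fetch=whois_query):
    """Start at IANA and follow referrals until no new server is named; returns [(server, fields), ...]."""
    server, hops, seen = IANA_WHOIS, [], set()
    while server and server not in seen and len(hops) < max_hops:   # 'seen' stops referral loops
        seen.add(server)
        fields = parse_whois(fetch(server, target))
        hops.append((server, fields))
        server = referral_server(fields)
    return hops

# Constructed sample replies in the layout IANA and a registry use (not real captured data).
SAMPLE_REPLIES = {
    "whois.iana.org": """% IANA WHOIS server
% for more information on IANA, visit http://www.iana.org
% This query returned 1 object

refer:        whois.nic.test

domain:       TEST
organisation: Example Registry (constructed sample)
whois:        whois.nic.test
status:       ACTIVE
""",
    "whois.nic.test": """% Registry WHOIS (constructed sample)
Domain Name: example.test
Registrar: Example Registrar
Registrar WHOIS Server: whois.nic.test
Name Server: ns1.example.test
Name Server: ns2.example.test
""",
}

def offline_fetch(server, target):
    """Stand-in for whois_query so the referral chain can be exercised without network access."""
    return SAMPLE_REPLIES[server]

if __name__ == "__main__":
    for server, fields in whois_chain("example.test", fetch=offline_fetch):
        print(server, "->", referral_server(fields))
```

Live use is `whois_chain("example.com")`, `whois_chain("192.0.2.1")` or `whois_chain("AS64496")` with the default fetch; the same IANA-first walk works for all three because IANA's reply names the registry or RIR responsible. Note that registries apply rate limits to port 43, so cache replies during an engagement rather than re-querying.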
Serbo-Croat translation by Jovana Milutinovich is available from here