Passive attack gathering is one of the Pre-attack stage where attacker collects information about his victim.
It is also known as footprinting.This attack is done on big organization having very large network.
It is the method by which we collect information about structure under organizational network. We sort of predict the flow of network by collecting information indirectly.
Following information we dig in PAG (Passive attack Gathering)
1. Domain Name Queries
2. Detect owner information (Addresses and phone Numbers)
3. Locate Network Ranges
4. Detect Open Ports & Active Machines
5. Reveals services on the network
6. Detect Operating systems
7. And Finally creates Network Map
All the above mentioned processes are done by means of enumerating and scanning soft wares as well as by the use of search engines.
Who is :
By performing who is query we can collect information about owner of domain name and his details.
It is a program that diagnose domain name to find sensitive information about additionally takes IP addresses , MX records which can detect mail servers on the network.
It can operated in both Unix and Windows.
ARIN: It stands for American Registry of Internet Numbers. It allows us to search who is databse freely unknowing of the victim.
we can also find related points of contact (POC) and autonomous system numbers (ASN) through its database.
Trace Route and Neo Trace:
By this we can trace the routes that UDP and TCP packets are following between two addresses which can give us idea about the map of the network.
Neo Trace allows us to see this trace route output graphically (visually), which makes it more easy to map the network.
This software provides high level access to internal network data and reveals ‘who is connected’ and ‘what types are services are being used.’
Also gives out number of active connection and type of connection (Inbound or Outbound)
Email Tracker Pro :
Its a tool that enables to analyse the email sent , its route and gives out its headers information by using a simple graphical interface.
All above mentioned queries are performed indirectly before enumeration and scanning which are not performed directly by attack. Therefore it is known as Passive Attack Gathering.