Attackers Target Aquisition- Footprinting

[Times]

Thief gathers all the information before his attempt of theft. Likewise, network attacker first of all gathers information about our hosting business security posture.
1. What kind of systems do we have connected with the Internet - UNIX, NT or NETWARE. By using combination of various tool and technology, he could be able to know the specific range of domain names, network blocks, individual IP addresses of the systems connected to the Internet, ACL's, IDSes and system enumeration.
2. Information about the web server and their versions- Apache or IIS.
3. Latest USENET postings about company using search query "@our_company.com", who has posted them, what is their profiles.
4. If he finds that the administrator has very little knowledge about security issues, then he issues few queries to the ARIN database using his LINUX box and determines the exact network block a web-hosting company owns.
5. Using the ping sweep utility, he begins to map Internet presence.
6. To find out which ports are open, he uses string of commands into nmap.
7. He will then enumerate things to find out the vulnerability.

[1R1]

Hi,

Do you know, wget provides a great utility to mirror entire website and there are search engines, like Alta Vista and Hotbot, which can search for all the sites, which have links back to the targeted domain.