Hardware and Software
In Chapters 5 and 6, I explained how information about operating systems and software components is revealed in the HTTP headers that are exchanged between the browser and server during a standard web transaction. The version numbers for each component can offer insight into how recently a computer has been updated. They also have the potential to advertise security vulnerabilities to would-be attackers.
While those data will not tell you anything about hardware , you may learn something by looking at the hostnames of machines. Reverse DNS lookups on home computers will often reveal the type of Internet connection they use. In these four examples, the first two are clearly connected via cable modems, whereas the third uses DSL. You can assume the fourth uses DSL as well, since this ISP offers only this type of connection.
CableLink44-##.INTERCABLE.net modemcable077.56-###-###.mc.videotron.ca DSL217-132-###-###.bb.netvision.net.il h-64-105-###-###.sttnwaho.covad.net
In some cases, a hostname can tell you something about the network
of which it is a part. Network administrators often name machines
according to a defined scheme. This helps them track their inventory and
can help in troubleshooting. For example, one of my collaborators has
the machine name HPEDY2K0112
. If I knew nothing about this person I might guess it was running Windows 2000 from the Y2K reference, and I might guess that it was machine ID 112 on that network. This person works in a Pediatrics ...
Get Internet Forensics now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.