Determine domain and IP address space

Domain Names are the human readable names used to represent one or more IP addresses. IP addresses are the unique identifier of computing devices on a network. Both pieces of information are valuable to an adversary who is looking to understand the structure of a network. [1]

ID: T1250
Sub-techniques:  No sub-techniques
Tactic: Technical Information Gathering
Version: 1.0
Created: 14 December 2017
Last Modified: 17 October 2018


Detectable by Common Defenses (Yes/No/Partial): No

Explanation: Public or easily obtainable information by design.

Difficulty for the Adversary

Easy for the Adversary (Yes/No): Yes

Explanation: AS and IANA data are easily available, existing research tools.


  1. Rotem Kerner. (2015, October). RECONNAISSANCE: A Walkthrough of the “APT” Intelligence Gathering Process. Retrieved March 1, 2017.