The attacker must perform electronic reconnaissance to find
what systems and resources are on the network. Unless the attacker has prior
knowledge of the target network, he or she must find where the company resources
are logically located. Once the company IP addresses are known (see the
preceding section, “Public Information”), the attacker can begin to probe and
scan the network. The intruder can scan the network looking for vulnerable
hosts, applications, or infrastructure equipment.
Scanning the network is typically done using a ping sweep utility that pings a range of IP addresses. The
purpose of this scanning is to find what hosts are currently live on the
network. The ping sweep identifies viable targets on the network. Once the IP
addresses of viable hosts are known, the attacker can then begin to probe those
hosts to gather additional information, such as the OS or applications running
on those hosts.
Probing is the attempt to discover
information about the hosts that are on the network. It is accomplished by
looking for open ports on the available host computers. Ports are like virtual doorways to the computer. For a
computer to offer or use services on the network, it must first have an open
port. Web servers typically use port 80, while FTP servers use port 21. An
attacker can find out what services are running on a computer by discovering
what ports that computer has opened.
TCP/IP uses port addresses to locate services running on host
computers. The port numbers used by an application are that application’s
address on that host. The address for a web application located on host 10.0.0.1
would be 10.0.0.1:80. This address specifies the host address 10.0.0.1 and the
application address of 80. Most common applications use well-known port
numbers. The list of well-known port numbers managed by the Internet Assigned
Numbers Authority (IANA) can be viewed at http://www.iana.org/assignments/port-numbers.
The more ports that are open, the greater the potential for someone to
exploit the services running on the host computer. Once the attacker knows which
ports are open, he or she can use this information to further discover the OS
and the application servicing each port.
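The two reconnaissance patterns described above, a ping sweep and a port probe, leave a recognisable footprint in firewall or flow logs: one source touching many hosts, or one source touching many ports on one host. The following is an added example, not code from the original text; it assumes a constructed log format of the form "<time> <proto> <src> -> <dst>:<port>" and uses illustrative thresholds.

```python
from collections import defaultdict

# Constructed sample log, in an assumed "<time> <proto> <src> -> <dst>:<port>"
# format (ICMP entries carry port 0). One source, 203.0.113.5, pings ten hosts
# (a ping sweep) and then probes six ports on 10.0.0.1; 192.168.1.20 is benign.
SAMPLE_LOG = "\n".join(
    [f"10:00:{i:02d} ICMP 203.0.113.5 -> 10.0.0.{i}:0" for i in range(1, 11)]
    + [f"10:00:12 TCP 203.0.113.5 -> 10.0.0.1:{p}" for p in (21, 22, 25, 80, 443, 8080)]
    + ["10:00:15 TCP 192.168.1.20 -> 10.0.0.1:80",
       "10:00:16 ICMP 192.168.1.20 -> 10.0.0.1:0"]
)


def parse_line(line):
    """Split one log line into (time, proto, src, dst, port)."""
    time, proto, src, _arrow, dst_port = line.split()
    dst, port = dst_port.rsplit(":", 1)
    return time, proto, src, dst, int(port)


def detect_recon(log_text, sweep_threshold=8, probe_threshold=5):
    """Flag ping sweeps (one source, many hosts pinged) and port probes
    (one source touching many ports on one host).

    Returns (sweeps, probes): sweeps maps source IP -> number of distinct
    hosts pinged; probes maps (source, destination) -> sorted ports touched.
    Thresholds are assumed tuning values for the whole log, not a standard.
    """
    pinged_hosts = defaultdict(set)    # src -> {dst, ...}
    touched_ports = defaultdict(set)   # (src, dst) -> {port, ...}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _, proto, src, dst, port = parse_line(line)
        if proto == "ICMP":
            pinged_hosts[src].add(dst)
        elif proto == "TCP":
            touched_ports[(src, dst)].add(port)
    sweeps = {src: len(hosts) for src, hosts in pinged_hosts.items()
              if len(hosts) >= sweep_threshold}
    probes = {pair: sorted(ports) for pair, ports in touched_ports.items()
              if len(ports) >= probe_threshold}
    return sweeps, probes


if __name__ == "__main__":
    sweeps, probes = detect_recon(SAMPLE_LOG)
    for src, count in sweeps.items():
        print(f"ping sweep from {src}: {count} hosts pinged")
    for (src, dst), ports in probes.items():
        print(f"port probe from {src} against {dst}: ports {ports}")
```

In practice the counts would be kept per time window rather than per file, since a legitimate monitoring host also contacts many machines over a long enough period.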
The purpose of this scanning and probing is to find
weaknesses on the network. Intruders know the vulnerabilities of certain OSs and
the applications they run. The intruder increases his or her chance of
succeeding by finding the weakest point on the network and later attacking that
vulnerability. The attacker continues to discover information about the network
until he or she has a complete map of the hosts, servers, and weaknesses to exploit
in the future.