INTRODUCTION
1.1 BACKGROUND OF THE STUDY
Gathering information about a remote system is often considered the first step an "intelligent hacker" takes in launching an attack against, or gaining privileged access to, a target machine. Intelligence gathered in this way can provide useful information about vulnerabilities or misconfigurations that can be successfully exploited by the potential intruder. The more a hacker knows about a particular system (e.g. the operating system (OS), the hardware architecture and the services that are running), the greater his or her chances of launching a successful attack. By knowing the operating system and system type, a hacker can do a little research and come up with a list of known vulnerabilities.
The series of steps that an "intelligent hacker" would take in this intelligence-gathering attempt includes:
* Footprinting: this phase involves gathering as much information as possible on the target from authorized sources of information (internet protocol (IP) address ranges, domain name system (DNS) servers, mail servers);
* Scanning: this phase involves determining which hosts in the targeted network are alive and reachable (through ping sweeps), which services they offer (through port scanning) and which operating systems they run (operating system (OS) fingerprinting);
* Enumeration: this phase involves extracting valid accounts or exported resources, system banners, routing tables, simple network management protocol (SNMP) information, etc.
The second phase has a particularly strong impact on all networks, since the number of automated scanners is constantly increasing and so is this type of traffic on the borders of every network.
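To show how the two scanning behaviours named above look from the defender's side of the border, the following added example (not part of the original study) separates a host sweep from a port scan in a batch of connection records. The record format, the thresholds and the sample events are assumptions constructed for illustration, and the batch is assumed to cover a single observation window.

```python
from collections import defaultdict

# Constructed sample of border connection attempts in one observation window:
# (source IP, destination IP, destination port). Documentation addresses only.
SAMPLE_EVENTS = (
    # one source touching one port on 30 different hosts
    [("203.0.113.7", f"192.0.2.{h}", 22) for h in range(1, 31)]
    # one source touching 40 different ports on a single host
    + [("198.51.100.9", "192.0.2.10", p) for p in range(20, 60)]
    # an ordinary client reaching two web servers
    + [("192.0.2.50", "192.0.2.10", 443), ("192.0.2.50", "192.0.2.11", 443)]
)


def classify_probes(events, host_threshold=20, port_threshold=25):
    """Return {source: [labels]} for sources that look like scanners.

    'host_sweep' = many distinct destination hosts from one source.
    'port_scan'  = many distinct ports against one destination host.
    Thresholds are illustrative assumptions; tune them to the local baseline.
    """
    hosts_by_src = defaultdict(set)    # source -> distinct destination hosts
    ports_by_pair = defaultdict(set)   # (source, destination) -> distinct ports
    for src, dst, port in events:
        hosts_by_src[src].add(dst)
        ports_by_pair[(src, dst)].add(port)

    findings = defaultdict(set)
    for src, hosts in hosts_by_src.items():
        if len(hosts) >= host_threshold:
            findings[src].add("host_sweep")
    for (src, _dst), ports in ports_by_pair.items():
        if len(ports) >= port_threshold:
            findings[src].add("port_scan")
    return {src: sorted(labels) for src, labels in findings.items()}


if __name__ == "__main__":
    for src, labels in sorted(classify_probes(SAMPLE_EVENTS).items()):
        print(src, labels)
```
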
Almost any system administrator of a large network will tell you that their network has been probed before. As cracking tools become more popular and increase in number, this trend is likely to continue. Although network probes are technically not intrusions