Network Scanning
Introduction
In this session we will examine the purpose of network scanning -
covering various network mapping tools and techniques, and how best
to employ them.
Stealth
In a real world situation, stealth is a vital element for two main reasons:
• Eliminating suspicion - An attacker does not want to arouse
suspicion for this could lead to a more vigilant inspection of the
network activity.
• Remaining unnoticed - An attacker does not wish to announce his
presence to the system administrators as this could result in a
tightening of network security.
A skilful cracker will therefore use the stealthiest tools and techniques
available to minimize the likelihood of discovery. There are a variety of
techniques that an attacker can deploy to increase their stealth,
including:
• Scanning over a long period of time.
• Avoiding programmed thresholds in security tools.
• Manual inspection of log files.
Different operating modes of tools also have different levels of stealth.
Each tool and technique discussed in this module has therefore been
rated on its level of risk of discovery.
• High Risk - A very visible technique.
• Medium Risk - A technique subject to discovery by a skilled
administrator or well configured security device.
• Low Risk - An almost undiscoverable attack.
No comments:
Post a Comment