SCANS Flashcards
heavily enable reconnaissance, and information gathering. This intelligence can reveal vulnerabilities that cyber threat attackers can exploit and use as attack surfaces
Scanning and enumeration
is the process of collecting information without performing any analysis to identify a host, or obtain more details on a host.
Scanning
is performing cursory analysis on the data collected from scanning to identify one or more hosts, or gathering more information on a host to discover additional details on the target. The goal of _______ is to establish a numeric understanding of the target and enables the identification and collection of important information about the target
Enumeration
Successful enumeration and scanning can reveal possible ___________ and provide insight on the vulnerabilities that our targets attack surfaces are exposed to.
Attack Surfaces
are the set of points on the boundary of a system, a system element, or an environment where an attacker can try to enter, cause an effect on, or extract data from.
Attack surfaces
is any weakness that exists within a targets device, software and/or network that can be exploited in order to deliver a payload and cause harm to the target.
Vulnerability
Characteristics of scanning and enumeration: is the recording, aka sniffing, and analysis of packet streams to determine hosts and network characteristics
Passive fingerprinting
- Passive collections will leave little to no evidence of the scans being performed by not interacting with host machines on the network.
- This technique avoids the 4 D’s (deny, degrade, destroy, disrupting) to the network and host machines, and prevents alerts from occurring
Characteristics of scanning and enumeration: are a grouping of information that can be used to identify the software, network protocols, operating systems and the hardware that may be in use on a network
Fingerprints
What process focuses on establishing a numerical understanding to collected information pertaining to a target network?
enumeration
What is the process of collecting information without performing any analysis to identify or obtain more details on a host?
Scanning
is the process of sending normal or malformed packets to a target, and monitoring it’s response.
involve interaction with network machines, which may alert users on the network through logs, alerts, or artifacts left behind.
Active fingerprinting
Analyzing the target’s response may help fingerprint the target and determine the security measures that may have been placed. Pertaining to port scanning, 1 of 3 responses will be received:
- Open, Accepted – host responds and awaits further instructions
- Closed, Not Listening – port currently in use and unavailable
- Filtered, Dropped, Blocked – host does not respond
involve interaction with network machines, which may alert users on the network through logs, alerts, or artifacts left behind.
Active scans/fingerprinting
Some Active Fingerprinting tools that an attacker may use to gather information on a target network, include the following:
- NMAP
- Xprobe2
- CronOS
What fingerprinting method is considered to be more overt? Active or Passive?
Active
What three responses are provided when port scanning?
- open
- closed
- filtered
Port and Service Identification
is part of the fingerprinting process. In the client-server communication relationship, the client has the ability to request one or more services from a server.
Port and Service Identification: that are identified when analyzing network traffic between a server and client, can often reveal what services a client may be requesting from a server, and allows the client to know what services the server is sending back to the client
port numbers
Port and Service Identification: caution
Remember, the ports may be set or modified by the administrator. An example of this would be if port 22 (ssh) was changed to port 2222 for security measures
Analyzing what, can reveal services that a client is requesting from the server?
port numbers
True or False: Port numbers are always static
false
Port and Service Identification
These common ports are associated with certain host machines and servers
is a tool used to discover live hosts, services, network inventory, managing service upgrade schedules, monitoring host or service uptime, filters/firewalls, or specific operating systems by analyzing the response from the raw IP packets sent to a target system
Nmap
Angry IP Scanner advantages
- The biggest advantages to Angry IP Scanner is the ease of use and flexibility that it provides to the user as a tool. Angry IP allows for the saving of favorite IP ranges, utilizes an easy to use GUI, uses multi-threaded scanning for faster response times and provides flexibility when exporting results into a CSV, TXT or XML file format.
- This flexibility is also seen in the open source nature of the tool, which allows for easy customization of the source code, as well as the ability to use additional plug-ins to provide greater information returns.
