|
⇤ ← Revision 1 as of 2010-02-02 18:20:29
Size: 84
Comment:
|
Size: 1375
Comment:
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 4: | Line 4: |
=Hacking Exposed Chapter 2: Scanning= Scanning is a method of determining if a determining what system and services are running on a machine ==Determining if the System is Alive= ===Network Ping Sweeps=== Network ping sweeps are used to find active systems on a network. They ork by using ICMP to ping every IP address on a network. If a system responds, you know it's there. Tools used to do network ping sweeps include fping on *Nix systems and nmap Windows systems. Detecting a ping sweep is important to maintain security. Snort can be used to detect ping sweeps, and most commercial network and desktop firewalls can detect ping sweeps. Preventing a ping sweep can be done by evaluating the ICMP traffic that you allow into your network ===ICMP Queries=== ICMP Queries are used as a scanning technique that takes advantage of the expected default replies to different types of ICMP traffic. To defend against ICMP queries, it is possible to block the ICMP types that give out information at your border routers ==Determining Which Services are Running or Listening== ===Port Scanning=== After finding responsive systems, an attacker will typically attempt to determine which services are running on a machine. One technique used to do so is port scanning. |
Back to Cptr427Winter2010
=Hacking Exposed Chapter 2: Scanning= Scanning is a method of determining if a determining what system and services are running on a machine
==Determining if the System is Alive= ===Network Ping Sweeps===
- Network ping sweeps are used to find active systems on a network. They ork by using ICMP to ping every IP address on a network. If a system responds, you know it's there. Tools used to do network ping sweeps include fping on *Nix systems and nmap Windows systems.
Detecting a ping sweep is important to maintain security. Snort can be used to detect ping sweeps, and most commercial network and desktop firewalls can detect ping sweeps. Preventing a ping sweep can be done by evaluating the ICMP traffic that you allow into your network
===ICMP Queries=== ICMP Queries are used as a scanning technique that takes advantage of the expected default replies to different types of ICMP traffic.
To defend against ICMP queries, it is possible to block the ICMP types that give out information at your border routers
==Determining Which Services are Running or Listening== ===Port Scanning=== After finding responsive systems, an attacker will typically attempt to determine which services are running on a machine. One technique used to do so is port scanning.