Summary: |
Once the passive reconnaissance phase is over, a penetration tester can initiate the Scanning phase. This is the active attempt to connect to a system to elicit a response and determine the services running on it. Scanning is often also defined as Active Reconnaissance and typically enables the attacker to establish information about IP addresses, services running on a computer and operating systems.
The main objective of scanning is to probe ports: to record which TCP/IP ports are open and reachable, and to identify the applications listening on them that may be vulnerable to attack.
Scanning is a three-step sequence [1]:
1. Locating a live system in a network.
2. Scanning the system for open ports and running services.
3. Scanning the system for vulnerabilities.
Scanning can also be used to identify the target operating system (OS fingerprinting).
The three steps are defined as follows:
• Network Scanning – checks for live IP addresses. This is the procedure for identifying active hosts on a network.
• Port Scanning – determines the open ports and active services on each identified live host. A series of messages is sent to a computer to learn which network services, and their associated "well-known" port numbers, are running.
• Vulnerability Scanning – the active services are examined to determine the presence of known flaws.
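From the defender's side, the first two steps above leave a distinctive footprint in firewall logs: a host-discovery sweep touches one port on many hosts, while a port scan touches many ports on one host. The following added example (not part of the original summary) is a small Python detector that parses constructed iptables-style DROP lines and raises an alert for each pattern. The log lines, source and destination addresses, and the thresholds are all constructed for illustration, and the regular expression assumes the iptables field layout `SRC=... DST=... PROTO=TCP ... DPT=...`.

```python
import re
from collections import defaultdict

# Constructed sample firewall log (iptables-style DROP lines); not taken from
# any real system. 198.51.100.7 probes ten ports on one host (a port scan),
# 203.0.113.5 probes port 80 on eight hosts (a host-discovery sweep), and
# 192.0.2.50 makes two ordinary HTTPS connection attempts (benign noise).
SAMPLE_LOG = "\n".join(
    [f"Mar 10 09:00:0{i % 10} fw kernel: DROP IN=eth0 SRC=198.51.100.7 DST=192.0.2.10 "
     f"PROTO=TCP SPT={50000 + i} DPT={p} SYN"
     for i, p in enumerate([21, 22, 23, 25, 80, 110, 143, 443, 445, 3389])]
    + [f"Mar 10 09:01:0{i} fw kernel: DROP IN=eth0 SRC=203.0.113.5 DST=192.0.2.{i} "
       f"PROTO=TCP SPT={40000 + i} DPT=80 SYN"
       for i in range(1, 9)]
    + ["Mar 10 09:02:00 fw kernel: DROP IN=eth0 SRC=192.0.2.50 DST=192.0.2.10 "
       "PROTO=TCP SPT=44100 DPT=443 SYN",
       "Mar 10 09:02:05 fw kernel: DROP IN=eth0 SRC=192.0.2.50 DST=192.0.2.10 "
       "PROTO=TCP SPT=44101 DPT=443 SYN"]
)

# Assumed iptables field order: SRC, DST, then PROTO=TCP ... DPT somewhere later.
LINE_RE = re.compile(
    r"SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+) .*?PROTO=TCP .*?DPT=(?P<dport>\d+)"
)


def parse_line(line):
    """Return (src, dst, dport) for a TCP DROP line, or None if it does not match."""
    m = LINE_RE.search(line)
    if not m:
        return None
    return m["src"], m["dst"], int(m["dport"])


def analyze(log_text, port_threshold=8, host_threshold=6):
    """Flag sources whose blocked-connection pattern looks like scanning.

    port_threshold: distinct destination ports on ONE host before we call it
                    a port scan (step 2 of the scanning sequence).
    host_threshold: distinct destination hosts from ONE source before we call
                    it a host-discovery sweep (step 1 of the sequence).
    Thresholds are illustrative; tune them to the network's normal traffic.
    """
    ports_by_pair = defaultdict(set)   # (src, dst) -> set of ports probed
    hosts_by_src = defaultdict(set)    # src -> set of hosts contacted
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        src, dst, dport = parsed
        ports_by_pair[(src, dst)].add(dport)
        hosts_by_src[src].add(dst)

    alerts = []
    for (src, dst), ports in sorted(ports_by_pair.items()):
        if len(ports) >= port_threshold:
            alerts.append({"type": "port_scan", "src": src, "dst": dst,
                           "distinct_ports": len(ports)})
    for src, hosts in sorted(hosts_by_src.items()):
        if len(hosts) >= host_threshold:
            alerts.append({"type": "host_sweep", "src": src,
                           "distinct_hosts": len(hosts)})
    return alerts


if __name__ == "__main__":
    for alert in analyze(SAMPLE_LOG):
        print(alert)
```

Counting distinct ports per (source, destination) pair rather than raw line counts is what separates a scan from a legitimate client retrying one service, which is why the benign 192.0.2.50 traffic produces no alert even though it appears twice.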