Skip to content

Latest commit

 

History

History
56 lines (45 loc) · 3.19 KB

scanning-networks-overview.md

File metadata and controls

56 lines (45 loc) · 3.19 KB

Scanning networks overview

  • Process of obtaining additional information about hosts, ports and services in network
  • More detailed reconnaissance
  • Purpose is to identify vulnerabilities in communication channels and then create an attack plan.
  • Different techniques are used to identify hosts, ports, and services in the target network.
  • Used by administrators to verify security policies, monitoring uptime etc.
  • Can craft custom packets using different tools

Scanning types

  • Port scanning: to list open ports and services
  • Network scanning: to list IP addresses
  • Vulnerability scanning: to discover the presence of known vulnerabilities

Scanning in IPv6 Networks

  • IP supports more addresses
    • Bigger search space
    • More difficult and complex than IPv4
    • Harder to do ping sweeps
  • Supports large number of hosts in a subnet.
    • Probing takes longer time
  • 💡 Attacker should find addresses from logs, e-mails, traffics etc. to identify addresses.

Common ports to scan

Drawing and mapping out network topologies

  • Useful for identifying and understanding the topology of the target network.
    • The diagram can tell the attacker how firewalls, IDSes, routers, and other devices are arranged in the network
  • Information can be used for vulnerability discovery and exploit.
  • A popular tool is zenmap: A GUI for nmap
    • zenmap screenshot
  • E.g. scanning network in a coffee shop. Run ipconfig (windows) to get private IP address and subnet range. Then you can scan and create a map.