Chapter 2: Scanning

OVERVIEW

If footprinting is the equivalent of casing a place for information, then scanning is equivalent to knocking on the walls to find all the doors and windows. During footprinting, we obtained a list of IP network blocks and IP addresses through whois and ARIN queries. These techniques provide the security administrator (and hacker) valuable information, including employee names and phone numbers, IP address ranges, DNS servers, and mail servers. In this chapter we will determine what systems are listening for inbound network traffic (a.k.a. alive) and are reachable from the Internet using a variety of tools and techniques such as ping sweeps, port scans, and automated discovery tools. We will also look at how you can bypass firewalls to scan systems supposedly being blocked by filtering rules.

We will be testing each target system to see if it's alive and what, if any, ports are listening on it. We've seen many misconfigured DNS name servers that list the IP addresses of their private networks (for example, 10.10.10.0). Because these addresses are not routable via the Internet, you would have a difficult time trying to route to them. The list of reserved IP addresses includes 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16. See RFC 1918 for more information on which IP address ranges are considered unroutable (http://www.ietf.org/rfc/rfc1918.txt).
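The misconfiguration described above (a public name server publishing RFC 1918 addresses) can be caught before an outsider finds it. The following is an added example, not code from the book: it reads constructed zone-file-style A records (a simplified "name [ttl] [IN] A address" format, assumed here) and reports every record whose address falls in the three reserved ranges.

```python
import ipaddress
import re

# The three RFC 1918 ranges named in the chapter; hosts in them are not
# routable from the Internet, so they have no business in a public zone.
RFC1918_NETWORKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

# Simplified A-record syntax assumed for this example: name, optional TTL,
# optional class "IN", the literal "A", then the address.
A_RECORD = re.compile(r"(\S+)\s+(?:\d+\s+)?(?:IN\s+)?A\s+(\S+)")


def is_rfc1918(addr: str) -> bool:
    """Return True if addr lies inside one of the RFC 1918 private ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918_NETWORKS)


def find_leaked_private_records(zone_lines):
    """Return (name, address) pairs for A records that publish private addresses.

    Comments (after ';') and blank or non-A lines are ignored; a record whose
    address does not parse is skipped rather than crashing the scan.
    """
    leaks = []
    for raw in zone_lines:
        line = raw.split(";", 1)[0].strip()
        match = A_RECORD.fullmatch(line) if line else None
        if not match:
            continue
        name, addr = match.groups()
        try:
            if is_rfc1918(addr):
                leaks.append((name, addr))
        except ValueError:
            continue  # malformed address; not our concern here
    return leaks


# Constructed sample zone data for this example (203.0.113.0/24 is a
# documentation range, so the "public" entries are also not real hosts).
SAMPLE_ZONE = """
; constructed zone fragment
www      300 IN A 203.0.113.10
mail         IN A 203.0.113.25
intranet 300 IN A 10.10.10.5      ; leaks an internal host
printer      IN A 192.168.1.20
vpn          IN A 172.16.4.1
cdn          IN A 172.32.0.1      ; 172.32/12 is outside 172.16.0.0/12
""".splitlines()

if __name__ == "__main__":
    for name, addr in find_leaked_private_records(SAMPLE_ZONE):
        print(f"private address published: {name} -> {addr}")
```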

Now let's begin the next phase of information gathering: scanning.



Hacking Exposed 5th Edition
ISBN: B0018SYWW0
Year: 2003
Pages: 127
