Chapter 5. Performing Host Reconnaissance

Take advantage of the enemy's unreadiness, make your way by unexpected routes, and attack unguarded spots.

Sun Tzu

The Duke of Wellington, who fought Napoleon at Waterloo, once said, "The most difficult part of warfare was seeing what was on the other side of the hill." Wellington realized that success at war meant more than combat; it also involved secrecy and reconnaissance.

Malicious hackers also value reconnaissance as the first step in an effective attack. For them, seeing what is on the "other side of the hill" is crucial to knowing what type of attack to launch. Launching attacks pertaining to UNIX vulnerabilities if the target is running only Microsoft servers makes no sense. A little time spent investigating saves a lot of time during the penetration attack. A malicious hacker might scope out a target for months before attempting to breach its security.

Although penetration testers might not always have the luxury of time that a malicious hacker might have, they do recognize the value of reconnaissance. The goal of reconnaissance is to discover the following information:

  • IP addresses of hosts on a target network

  • Accessible User Datagram Protocol (UDP) and Transmission Control Protocol (TCP) ports on target systems

  • Operating systems on target systems

Figure 5-1 illustrates the process of unearthing this information.

Figure 5-1. Passive and Active Reconnaissance

Passive reconnaissance, as the figure shows, involves obtaining information from user group meetings, websites, the EDGAR database, UUNet newsgroups, business partners, dumpster diving, and social engineering. Passive reconnaissance takes patience, but it is the most difficult for the target company to detect. Active reconnaissance, in contrast, involves using technology in a manner that the target might detect. This could include DNS zone transfers and lookups, ping sweeps, traceroutes, port scans, or operating system fingerprinting. After you gather the information, you create a network map that diagrams the live hosts, their open UDP and TCP ports (which offer hints about the types of applications running on the hosts), and their respective operating systems. This information forms the skeleton for deciding what type of attacks to launch.
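The point that active reconnaissance is detectable is easy to see in firewall logs. The following is an added example, not code from the book: it parses a few constructed, syslog-style deny/allow records and flags the two noisiest techniques named above, a ping sweep (one source probing many hosts with ICMP echo) and a port scan (one source probing many ports on one host). The log format, the field names, and the thresholds of five hosts and five ports are assumptions for the example.

```python
import re
from collections import defaultdict

# Constructed sample firewall log lines (not real traffic, not from the book).
SAMPLE_LOG = """\
Jan 01 10:00:01 fw DENY ICMP 198.51.100.7 -> 192.0.2.1 type=8
Jan 01 10:00:01 fw DENY ICMP 198.51.100.7 -> 192.0.2.2 type=8
Jan 01 10:00:02 fw DENY ICMP 198.51.100.7 -> 192.0.2.3 type=8
Jan 01 10:00:02 fw DENY ICMP 198.51.100.7 -> 192.0.2.4 type=8
Jan 01 10:00:03 fw DENY ICMP 198.51.100.7 -> 192.0.2.5 type=8
Jan 01 10:00:09 fw DENY TCP 198.51.100.7 -> 192.0.2.3:22
Jan 01 10:00:09 fw DENY TCP 198.51.100.7 -> 192.0.2.3:25
Jan 01 10:00:09 fw DENY TCP 198.51.100.7 -> 192.0.2.3:80
Jan 01 10:00:10 fw DENY TCP 198.51.100.7 -> 192.0.2.3:135
Jan 01 10:00:10 fw DENY TCP 198.51.100.7 -> 192.0.2.3:443
Jan 01 10:00:10 fw DENY UDP 198.51.100.7 -> 192.0.2.3:161
Jan 01 10:00:11 fw ALLOW TCP 203.0.113.9 -> 192.0.2.3:80
Jan 01 10:00:12 fw ALLOW TCP 203.0.113.9 -> 192.0.2.3:443
"""

# Assumed record layout: ACTION PROTO SRC -> DST[:DPORT] [type=ICMPTYPE]
LINE_RE = re.compile(
    r"(?P<action>ALLOW|DENY) (?P<proto>ICMP|TCP|UDP) (?P<src>[\d.]+) -> "
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))?(?: type=(?P<itype>\d+))?"
)

def parse(log_text):
    """Yield one dict per parsable line; lines that do not match are skipped."""
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            yield m.groupdict()

def detect_recon(log_text, sweep_hosts=5, scan_ports=5):
    """Return (kind, src, dst, count) tuples for ping sweeps (ICMP echo to
    >= sweep_hosts distinct targets) and port scans (>= scan_ports distinct
    proto/port pairs against one target). Thresholds are assumed values."""
    echo_targets = defaultdict(set)   # src -> {dst probed with ICMP echo}
    ports_hit = defaultdict(set)      # (src, dst) -> {"TCP/22", "UDP/161", ...}
    for ev in parse(log_text):
        if ev["proto"] == "ICMP" and ev["itype"] == "8":   # echo request
            echo_targets[ev["src"]].add(ev["dst"])
        elif ev["dport"] is not None:
            ports_hit[(ev["src"], ev["dst"])].add(f'{ev["proto"]}/{ev["dport"]}')
    findings = []
    for src, dsts in echo_targets.items():
        if len(dsts) >= sweep_hosts:
            findings.append(("ping_sweep", src, None, len(dsts)))
    for (src, dst), ports in ports_hit.items():
        if len(ports) >= scan_ports:
            findings.append(("port_scan", src, dst, len(ports)))
    return findings
```

On the constructed log, 198.51.100.7 is reported for both a five-host sweep and a six-port scan of 192.0.2.3, while the two ordinary web connections from 203.0.113.9 stay below threshold.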

In this chapter, you learn how to discover live hosts on your target network using these various information-gathering techniques. Using port-scanning tools, you also learn how to determine the operating systems and open TCP and UDP ports on your target hosts. Finally, you learn best practices for the detection and prevention of reconnaissance techniques.

Penetration Testing and Network Defense
ISBN: 1587052083
Year: 2005
Pages: 209