Page 1492 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
Reconnaissance Attacks
While malicious code often relies on tricking users into opening or
accessing malware, other attacks directly target machines. Performing
reconnaissance can allow an attacker to find weak points to target
directly with their attack code. To assist with this targeting,
attacker-tool developers have created a number of automated tools that
perform network reconnaissance. In the following sections, we’ll cover
three of those automated techniques—IP probes, port scans, and
vulnerability scans—and then explain how these techniques can be
supplemented by the more physically intensive dumpster-diving
technique.
IP Probes
IP probes (also called IP sweeps or ping sweeps) are often the first
type of network reconnaissance carried out against a targeted network.
With this technique, automated tools simply attempt to ping each
address in a range. Systems that respond to the ping request are
logged for further analysis. Addresses that do not produce a response
are assumed to be unused and are ignored.
The Nmap tool is one of the most common tools used to
perform both IP probes and port scans. It’s available for free
download from www.nmap.org.
IP probes are extremely prevalent on the internet today. Indeed, if you
configure a system with a public IP address and connect it to the
internet, you’ll probably receive at least one IP probe within hours of
booting up. The widespread use of this technique makes a strong case
for disabling ping functionality, at least for users external to a
network.
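Seen from the defender's side, the IP probe described above shows up as one source sending ICMP echo requests to many distinct addresses in a short time. The following is an added example, not taken from the study guide; the log format, the thresholds and the sample lines are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

def sample_log():
    """Constructed log lines; the 'time src dst icmp-type' format is an assumption."""
    t0 = datetime(2024, 5, 1, 10, 0, 0)
    def row(offset_s, src, dst, kind="echo-request"):
        return f"{(t0 + timedelta(seconds=offset_s)).isoformat()} {src} {dst} {kind}"
    lines = [row(i, "203.0.113.50", f"198.51.100.{i}") for i in range(1, 9)]   # fast sweep
    lines += [row(i, "192.0.2.10", "198.51.100.5") for i in range(8)]          # monitor, one target
    lines += [row(60 * i, "192.0.2.77", f"198.51.100.{20 + i}") for i in range(6)]  # slow sweep
    lines += [row(2, "198.51.100.3", "203.0.113.50", "echo-reply"), "garbled line"]
    return lines

def parse(lines):
    """Yield (timestamp, src, dst) for well-formed ICMP echo request lines only."""
    for line in lines:
        parts = line.split()
        if len(parts) != 4 or parts[3] != "echo-request":
            continue  # replies, other ICMP types and malformed lines are ignored
        try:
            yield datetime.fromisoformat(parts[0]), parts[1], parts[2]
        except ValueError:
            continue  # unparseable timestamp

def find_sweepers(lines, min_targets=5, window_s=10):
    """Map each source to the most distinct addresses it pinged inside any
    window_s-second span, keeping only sources that reach min_targets."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)  # src -> (timestamp, dst) pairs still inside the window
    peak = defaultdict(int)
    for ts, src, dst in sorted(parse(lines)):
        q = recent[src]
        q.append((ts, dst))
        while ts - q[0][0] > window:
            q.popleft()  # drop pings that have aged out of the window
        peak[src] = max(peak[src], len({d for _, d in q}))
    return {src: n for src, n in peak.items() if n >= min_targets}

if __name__ == "__main__":
    print(find_sweepers(sample_log()))                # only the fast sweep
    print(find_sweepers(sample_log(), window_s=600))  # a wider window also catches the slow sweep
```

Counting distinct destinations rather than raw packets keeps a monitoring host that pings one address repeatedly from being flagged. The slow sweep in the sample stays under a 10-second window, so the window length is a tuning decision.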
Port Scans

