Attackers use a method called scanning before they attack a network. Scanning can be considered a logical extension (and overlap) of active reconnaissance since the attacker uses details gathered during reconnaissance to identify specific vulnerabilities. Often attackers use automated tools such as network/host scanners and war dialers to locate systems and attempt to discover vulnerabilities.
An attacker follows a particular sequence of steps to scan a network, and the scanning methods may differ based on the attack objectives, which are set before the attacker begins this process.
Attackers can gather critical network information such as the mapping of systems, routers, and firewalls with simple tools like Traceroute. They can also use tools like Cheops, which add sweeping functionality on top of what Traceroute provides.
Port scanners can be used to detect listening ports to find information about the nature of services running on the target machine. The primary defense technique against port scanners is to shut down unnecessary services. Appropriate filtering may also be adopted as a defense mechanism, but attackers can still use tools to determine filtering rules.
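The defense described above, shutting down unnecessary services, starts with knowing what is listening. The following is an added example, not part of the original text: it audits the output of `ss -H -tlnp` (Linux, iproute2) against an allowlist. The allowlist, the sample output and all function names are assumptions made for this illustration.

```python
import re

# Hypothetical allowlist for this example: port -> process expected to own it.
ALLOWED = {22: "sshd", 443: "nginx"}

# Constructed sample of `ss -H -tlnp` output; not taken from a real host.
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 511 0.0.0.0:443 0.0.0.0:* users:(("nginx",pid=901,fd=6))
LISTEN 0 5 127.0.0.1:631 0.0.0.0:* users:(("cupsd",pid=700,fd=7))
LISTEN 0 64 0.0.0.0:23 0.0.0.0:* users:(("telnetd",pid=1020,fd=4))
LISTEN 0 128 [::]:8080 [::]:* users:(("python3",pid=1333,fd=3))
LISTEN 0 128 [::1]:5432 [::]:* users:(("postgres",pid=640,fd=5))
"""

PROC_RE = re.compile(r'users:\(\("([^"]+)"')


def parse_listeners(ss_output):
    """Yield (address, port, process) for every LISTEN line."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        # rpartition keeps IPv6 literals such as [::]:8080 intact.
        addr, _, port = fields[3].rpartition(":")
        match = PROC_RE.search(line)
        yield addr, int(port), match.group(1) if match else "unknown"


def is_loopback(addr):
    return addr.startswith("127.") or addr in ("[::1]", "::1")


def audit(ss_output, allowed=ALLOWED):
    """Return sorted findings for listeners a remote port scan could reach."""
    findings = []
    for addr, port, proc in parse_listeners(ss_output):
        if is_loopback(addr):
            continue  # bound to loopback only, not visible to a remote scanner
        if port not in allowed:
            findings.append((port, proc, "unexpected listener"))
        elif allowed[port] != proc:
            findings.append((port, proc, "unexpected process"))
    return findings and sorted(findings)


if __name__ == "__main__":
    for port, proc, reason in audit(SAMPLE_SS):
        print(f"port {port} ({proc}): {reason}")
```

On a live host, `ss` needs root privileges to show the owning process for sockets that belong to other users; without them the process is reported here as "unknown".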
The most commonly used tools are vulnerability scanners, which search a target network for known vulnerabilities and can potentially detect thousands of them. This gives attackers the advantage of time, because they only have to find a single means of entry while the systems professional has to secure many vulnerable areas by applying patches. Organizations that deploy intrusion detection systems still have reason to worry, because attackers can use evasion techniques at both the application and network levels.
Certified Ethical Hacker v7