Data Scavenging

Table 3-2 shows the summary information for the data-scavenging attack.

Table 3-2. Data Scavenging

Attack name

Data scavenging



Sample implementations

Network utilities: Whois, Nslookup, Finger, Traceroute, Ping

Google (



Pertinent vulnerability


Typical use

Learn IP ranges, DNS servers, mail servers, public systems, points of contact, and so forth

Attack result

Disclosure of information

Likely follow-up attack

Probing and scanning

OSI layers



Nearly impossible



Detection difficulty


Ease of use






Overall rating


Data scavenging is generally step 1 in any deliberate attack against a network. Here, the attacker uses a combination of network-based utilities and Internet search engine queries to learn as much as possible about the target company. The attack is almost impossible to detect for two main reasons:

• If the attack is using network utilities such as Ping, Traceroute, and so on, the volume of traffic is so low that it is impossible to single out the attacker. Additionally, it is hard to differentiate between legitimate use of these protocols and an attacker's use of them.

• The information gained through Whois, Nslookup, or Internet search engines is usually public information that can be learned by anyone.

Oftentimes, the information gained by the attacker comes from servers other than the victim's servers (as is the case with Whois queries). Using an Internet search engine can yield all sorts of good information as well. After a successful data-scavenging attack, the attacker might know the following about the victim network:

• IP addresses of critical systems (WWW, DNS, mail)

• IP ranges assigned to the victim

• Internet service provider (ISP) of the victim

Search Engine Manifesto

Search Engine Manifesto

Rank Your Web Pages HIGH in TOP Search Engine Popular Results For Maximum Exposure. Search Engines and How They Work Search Engines are special sites on the Web that are designed to help people find information stored on other sites.

Get My Free Ebook

Post a comment