Reconnaissance Attacks

The term "reconnaissance attack" is misleading. The goal of this type of attack is to perform reconnaissance of a system or network: to determine the makeup of the targeted system or network and to search for and map any vulnerabilities. A reconnaissance attack indicates the potential for other, more invasive attacks. Many reconnaissance attacks have been written into scripts that enable novice hackers, or script kiddies, to launch attacks on networks with a few mouse clicks. The following list identifies the more common reconnaissance attacks:

• DNS queries: A DNS query can provide a tremendous amount of information about an organization because DNS servers are designed to resolve IP address space to DNS names. DNS information is publicly available and simple to query. The two most informative DNS queries are the "DNS lookup" and the "whois query." The DNS lookup provides the specific IP address information for servers using a specific domain name. A whois query of the DNS system provides the unauthorized user with the following information:

- Organization name

- Organization ID (assigned by the American Registry for Internet Numbers)

- Street address

- Assigned public IP address space

- Public name server addresses

- Technical contact name, telephone number, and e-mail address

• Ping sweep: The output from a ping sweep can tell the unauthorized user the number of hosts active on a network.

• Vertical scans: Vertical scans scan the service ports of a single host and request different services at each port. This method enables the unauthorized user to determine which type of operating system is running and which services are running on the system.

• Horizontal scans: Horizontal scans scan an address range for a specific port or service. A common horizontal scan is the FTP sweep, which is the process of scanning a network segment searching for replies to connection attempts on port 21.

• Block scans: Block scans are a combination of the vertical and horizontal scans. In other words, they scan a network segment and attempt connections on multiple ports of each host on that segment.
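
From the defender's side, the three scan shapes can be told apart in connection logs by counting distinct ports per target host and distinct hosts per target port for each source. The Python below is an added example, not part of the original text; the log format ("source destination port"), the thresholds, and the sample records are assumptions constructed for illustration, and the records are assumed to come from a single time window.

```python
from collections import defaultdict

# Constructed sample of connection records: "source destination dest_port".
# Addresses are from the RFC 5737 documentation ranges; none of this is real traffic.
def _sample():
    lines = []
    # 203.0.113.5 tries port 21 on twelve hosts (the FTP sweep described above)
    lines += [f"203.0.113.5 192.0.2.{h} 21" for h in range(1, 13)]
    # 203.0.113.9 tries twelve ports on one host
    lines += [f"203.0.113.9 192.0.2.10 {p}" for p in range(20, 32)]
    # 203.0.113.77 tries twelve ports on each of twelve hosts
    lines += [f"203.0.113.77 192.0.2.{h} {p}"
              for h in range(1, 13) for p in range(20, 32)]
    # 198.51.100.20 is an ordinary client: two hosts, two ports
    lines += ["198.51.100.20 192.0.2.10 80", "198.51.100.20 192.0.2.11 443"]
    return lines

SAMPLE_LOG = _sample()

def classify_scans(log_lines, min_hosts=10, min_ports=10):
    """Return {source: 'vertical' | 'horizontal' | 'block'} for sources over threshold."""
    ports_by_host = defaultdict(lambda: defaultdict(set))  # src -> dst -> {ports}
    hosts_by_port = defaultdict(lambda: defaultdict(set))  # src -> port -> {dsts}
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3 or not parts[2].isdigit():
            continue  # skip malformed records rather than failing the whole run
        src, dst, port = parts[0], parts[1], int(parts[2])
        ports_by_host[src][dst].add(port)
        hosts_by_port[src][port].add(dst)

    verdicts = {}
    for src in ports_by_host:
        deepest = max(len(p) for p in ports_by_host[src].values())
        widest = max(len(h) for h in hosts_by_port[src].values())
        vertical = deepest >= min_ports    # many ports on a single host
        horizontal = widest >= min_hosts   # one port across many hosts
        if vertical and horizontal:
            verdicts[src] = "block"
        elif vertical:
            verdicts[src] = "vertical"
        elif horizontal:
            verdicts[src] = "horizontal"
    return verdicts

if __name__ == "__main__":
    for source, kind in sorted(classify_scans(SAMPLE_LOG).items()):
        print(f"{source}: {kind} scan")
```

The thresholds trade false positives against slow scans that stay under the count, so they need tuning against normal traffic for the network being monitored.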
