Abstract

This chapter discusses ways to scan a system, or apply penetration tests to it, in order to find weaknesses that already exist or may develop. Penetration testing one's own network shows potential weaknesses through the eyes of an attacker, so that the holes can be closed. The scanning phase gathers information about the network, specifically which ports it offers, and the information gathered in this phase is used to determine the operating system of the target devices. Enumeration is the listing and identification of the specific services and resources that a network offers. It can start from a set of parameters, such as an IP address range or a specific Domain Name Service (DNS) entry, together with the open ports on the system. The goal of enumeration is a list of services that are known and reachable from one's own vantage point; this list drives the deeper scanning that follows, including security scanning and testing and the core OS penetration testing. The easiest way to check the status of a port is a banner grab: upon connecting to a service, the target's response is captured and compared to a list of known services. The goal of system fingerprinting is to determine the type and version of the operating system; there are two common methods, active and passive scanning. Tools that aid in the scanning phase of an assessment include Fyodor's nmap, unicornscan (port scanning) and scanrand (port scanning), among others.
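As an added illustration of the banner-grab step described above (example code, not from the chapter), the following Python matches captured banners against a small known-service table and, from the defender's side, reports which of one's own services disclose a version or an operating-system hint. The ports, banners and service table are constructed for the example.

```python
import re

# Constructed sample banners, as a defender might capture them from hosts
# in their own inventory; ports and strings are made up for this example.
SAMPLE_BANNERS = {
    22: "SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.1\r\n",
    21: "220 (vsFTPd 3.0.3)\r\n",
    25: "220 mail.example.test ESMTP Postfix (Debian/GNU)\r\n",
    80: "HTTP/1.1 200 OK\r\nServer: Apache/2.4.52 (Ubuntu)\r\n\r\n",
    8443: "HTTP/1.1 400 Bad Request\r\nServer: nginx\r\n\r\n",
}

# Known-service table: (name, regex capturing product/version, regex capturing OS hint).
KNOWN_SERVICES = [
    ("ssh", re.compile(r"^SSH-[\d.]+-(\S+)"), re.compile(r"(Ubuntu|Debian|FreeBSD)")),
    ("ftp", re.compile(r"^220 \((\S+ [\d.]+)\)"), None),
    ("smtp", re.compile(r"^220 \S+ ESMTP (\S+)"), re.compile(r"\((Debian|Ubuntu)")),
    ("http", re.compile(r"^Server: (\S+)", re.MULTILINE),
     re.compile(r"\((Ubuntu|Debian|CentOS)\)")),
]


def identify_banner(banner: str) -> dict:
    """Compare one captured banner to the known-service table.

    Returns the service name, the product/version string the banner
    discloses (if any) and any operating-system hint it leaks.
    """
    for service, version_re, os_re in KNOWN_SERVICES:
        m = version_re.search(banner)
        if not m:
            continue
        o = os_re.search(banner) if os_re else None
        return {"service": service, "version": m.group(1),
                "os_hint": o.group(1) if o else None}
    return {"service": "unknown", "version": None, "os_hint": None}


def audit_banners(banners: dict) -> list:
    """Defender-side check: list ports whose banner reveals a version number
    or an OS hint, i.e. what a fingerprinting pass would learn for free.
    Returns (port, service, finding) tuples, sorted by port."""
    findings = []
    for port, banner in sorted(banners.items()):
        info = identify_banner(banner)
        leaks = []
        if info["version"] and re.search(r"\d", info["version"]):
            leaks.append(f"version '{info['version']}'")
        if info["os_hint"]:
            leaks.append(f"OS hint '{info['os_hint']}'")
        if leaks:
            findings.append((port, info["service"], "; ".join(leaks)))
    return findings
```

Running `audit_banners(SAMPLE_BANNERS)` flags ports 21, 22, 25 and 80; the nginx banner on 8443 carries neither a version nor an OS hint and is not reported.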
