An attacker engages in probing and exploration activity to identify
constituents and properties of the target. Footprinting is a general term to
describe a variety of information gathering techniques, often used by
attackers in preparation for some attack. It consists of using tools to
learn as much as possible about the composition, configuration, and security
mechanisms of the targeted network. Information that might be collected
during a footprinting effort could include open ports, applications and
their versions, network topology, and similar information. While
footprinting is not intended to be damaging (although certain activities,
such as network scans, can sometimes cause disruptions to vulnerable
applications inadvertently) it may often pave the way for more damaging
attacks.
Attack Prerequisites
None. Any system or network that can be detected can be footprinted.
However, some configuration choices may limit the useful information that
can be collected during a footprinting attack.
Resources Required
The attacker requires a variety of tools to collect information about the
target. These include port and network scanners and tools to analyze responses
from applications to determine version and configuration information.
Footprinting a system adequately may also take a few days if the attacker wishes
the footprinting attempt to go undetected.
Vision and Technical Leadership provided by Cigital, Inc.
This Web site is hosted by The MITRE Corporation.
Copyright 2009, The MITRE Corporation. CAPEC and the CAPEC logo are trademarks of The MITRE Corporation.
Description
