Common Attack Pattern Enumeration and Classification
A Community Resource for Identifying and Understanding Attacks
An attacker sends a probe to an IP address to determine if the host is alive. Host discovery is one of the earliest phases of network reconnaissance. An attacker usually starts with a range of IP addresses belonging to a target network and uses various methods to determine if a host is present at that IP address. Host discovery is usually referred to as 'Ping' scanning using a sonar analogy. The goal of the attacker is to send a packet through to the IP address and solicit a response from the host. As such, a 'ping' can be virtually any crafted packet whatsoever, provided the attacker can identify a functional host based on its response. An attack of this nature is usually carried out with a 'ping sweep' where a particular kind of ping is sent to a range of IP addresses.
Target Attack Surface Description
Targeted OSI Layers: Network Layer Transport Layer
Target Attack Surface Localities
Target Attack Surface Types: Network Host
The resources required will differ based upon the type of host discovery being performed. Usually a scanner or scanning script is required due to the volume of requests that must be generated.
[R.292.1] [REF-20] Stuart McClure, Joel Scambray and George Kurtz. "Hacking Exposed: Network Security Secrets & Solutions". Chapter 1: Footprinting, pp.44. 6th Edition. McGraw Hill. 2009.
[R.292.2] [REF-22] Gordon "Fyodor" Lyon. "Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning". Section 3.6 Host Discover Techniques, pg.57. 3rd "Zero Day" Edition,. Insecure.com LLC, ISBN: 978-0-9799587-1-7. 2008.
More information is available — Please select a different filter.