Common Attack Pattern Enumeration and Classification
A Community Resource for Identifying and Understanding Attacks
An attacker engages in scanning activity to find vulnerable software versions or types, such as operating system versions or network services. Vulnerable or exploitable network configurations, such as improperly firewalled systems, or misconfigured systems in the DMZ or external network, provide windows of opportunity for an attacker. Common types of vulnerable software include unpatched operating systems or services (e.g FTP, Telnet, SMTP, SNMP) running on open ports that the attacker has identified. Attackers usually begin probing for vulnerable software once the external network has been port scanned and potential targets have been revealed.
Target Attack Surface Description
Targeted OSI Layers: Network Layer Transport Layer Application Layer
Target Attack Surface Localities
Target Attack Surface Types: Host Service
Target Functional Services
Skill or Knowledge Level: Medium
To probe a system remotely without detection requires careful planning and patience.
Probing requires the ability to interactively send and receive data from a target, whereas passive listening requires a sufficient understanding of the protocol to analyze a preexisting channel of communication.
[R.310.1] [REF-20] Stuart McClure, Joel Scambray and George Kurtz. "Hacking Exposed: Network Security Secrets & Solutions". Chapter 2: Scanning, pg. 56. 6th Edition. McGraw Hill. 2009.
[R.310.2] [REF-21] Defense Advanced Research Projects Agency Information Processing Techniques Office and Information Sciences Institute University of Southern California. "RFC793 - Transmission Control Protocol". Defense Advanced Research Projects Agency (DARPA). September 1981. <http://www.faqs.org/rfcs/rfc793.html>.
More information is available — Please select a different filter.