Chapter 4. Detecting Live Systems

This chapter examines the tools, techniques, and methods used for detecting live systems. Port scanning is one of the most widely used methods of service and system identification. Consider that before a system can be attacked, it must be identified. As an example, an attacker may have an exploit that works against a Microsoft IIS server; targeting an Apache server with it would be useless. So, the attacker must first identify that the targeted computer actually is running IIS. To make the analysis more true to life, assume that the exploit only works against IIS v5. If this is the case, knowing that a system is running Microsoft software is still not enough: the attacker needs to know that the service is specifically IIS v5. This is where the power of port scanning comes in. Port scanning can not only identify open ports but, depending on the tool used, also provide information about the service that is probably running on each open port.
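The service-and-version identification described above comes down to reading whatever the open port says about itself and matching it against known products. The following Python is an added example (not code from the book or from any particular scanning tool) written from the defender's side: given banners already collected from a network's own web servers, it parses the product and version from the HTTP `Server` header and reports which hosts still run a given product and major version, so that an IIS v5 host, for instance, can be found and upgraded before anyone else finds it. The banners, host names and port numbers are constructed for the example; the header format is the one HTTP servers actually emit.

```python
import re

# Constructed sample banners (not captured from any real host): the text a
# scanner reads back from an open port, keyed by a constructed "host:port".
SAMPLE_BANNERS = {
    "host-a:80": "HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/5.0\r\nContent-Type: text/html\r\n\r\n",
    "host-b:80": "HTTP/1.1 200 OK\r\nServer: Apache/2.4.41 (Ubuntu)\r\n\r\n",
    "host-c:80": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n",  # no Server header at all
    "host-d:8080": "HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/7.5\r\n\r\n",
}

# Product token, optionally followed by "/version"; MULTILINE so ^ anchors on
# each header line, IGNORECASE because header names are case-insensitive.
SERVER_RE = re.compile(r"^Server:\s*([A-Za-z\-]+)/?([0-9][0-9.]*)?",
                       re.IGNORECASE | re.MULTILINE)


def identify_service(banner):
    """Return (product, version) parsed from an HTTP Server header.

    product is lower-cased for comparison; version is None when the header
    omits it, and both are None when there is no Server header. A missing or
    edited header is exactly why a scanner can only report the *possible*
    service on a port.
    """
    match = SERVER_RE.search(banner)
    if not match:
        return (None, None)
    return (match.group(1).lower(), match.group(2))


def matches_product(banner, product, major=None):
    """True if the banner names `product` and, when given, that major version."""
    found_product, found_version = identify_service(banner)
    if found_product != product.lower():
        return False
    if major is None:
        return True
    if found_version is None:  # product known, version unknown: not a confirmed match
        return False
    return found_version.split(".")[0] == str(major)


def inventory(banners, product, major=None):
    """Sorted list of host:port endpoints whose banner matches product/major."""
    return sorted(endpoint for endpoint, banner in banners.items()
                  if matches_product(banner, product, major))


if __name__ == "__main__":
    # Which of our own web endpoints still answer as IIS 5.x?
    print("IIS 5.x endpoints:", inventory(SAMPLE_BANNERS, "Microsoft-IIS", 5))
    print("Any IIS:", inventory(SAMPLE_BANNERS, "Microsoft-IIS"))
    print("Apache:", inventory(SAMPLE_BANNERS, "Apache"))
```

Note that `host-c:80` is open and speaking HTTP but never identified: a banner an administrator has removed or rewritten produces no match at all, which is the practical limit of banner-based identification and the reason the chapter speaks of the "possible" service on a port.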

While you will want to have port-scanning tools in your security lab, you also must understand how the tools work. In case port scanning does not work, you should also know other tools and techniques for analyzing network devices and determining which services are open. These techniques include wardialing and wardriving.

Detecting Active Systems

Detecting active systems can involve more than just port scanning. Alternative techniques include wardialing, wardriving, and using Internet Control Message Protocol ...

Get Build Your Own Security Lab: A Field Guide for Network Testing now with the O’Reilly learning platform.
