Identifying the attack path
As mentioned in many books, including this one, people often forget about UDP. Often, this is partly because the response from scans against UDP services often lies. Return data from tools such as nmap
and scapy
can provide responses for ports that are actually open, but reported as Open|Filtered
.
Understanding the limitations of perimeter scanning
As an example, research on a host indicates that a TFTP server may be active on it based on the descriptive banner of another service, but scans using nmap
point to the port as open|filtered
.
The following figure, shows the response for the UDP service TFTP as open|filtered, as described preceding, even though it known to be open:
This means that the port may actually be open, ...
Get Learning Penetration Testing with Python now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.