CISC 7050 Lecture Notes - Lecture 3: Ping Sweep, Port Scanner, Netcat

Is detailed examination of target systems: scanning involves transient contact, enumeration involves establishing connections & directed queries. Info typically gathered: user account names, misconfigured shared resources, Os versions, software version & patch state, ip addresses & hostnames: platform specific (interaction depends on target service/system, goal: interact w/ system/network to obtain as much info as possible. External vs internal scanning: external scanning perspective is looking at it from access perspective of any other attacker vs. org"s network, external scanning typically takes into account firewalls. Internal scanning assumes you have access to network already. Lowest hanging fruit: determine fruit by iding host w/ most ports open & looking for easiest attack w/ info given. Active reconnaissance tools: netcat is most basic network protocol which can be used in number of different ways, can be used for enumeration (connecting directly to port & interacting w/ it, used as port scanner) & creating listener.