After mapping the network topology successfully, the next step for an ethical hacker is to identify the points from which an attack could be launched against a host. For this purpose, host scanning is carried out using the methods discussed below.
This is one of the largest threats to any company's security, because the flaw cannot be mitigated by the use of software alone. The company's normally protected information is disclosed by a person working inside it. Information such as an employee's username and password can give the attacker initial access to the organizational network, which can later be escalated through more advanced techniques.
The hosts themselves are mapped again, which helps identify information about the systems and the services running on them. Enumeration is carried out in detail, covering each host's operating system and the services running on it.
Identification of Hosts and Operating Systems: Queso, nmap and ISS Internet Scanner are among the tools widely used to scan for OS and host details. All of these tools contain identification features that check for variances in the vendors' IP stack implementations.
Port scanning is carried out after the host has been successfully mapped and enumerated. Various tools are employed to examine the TCP and UDP services running on the probed systems.
E.g.: fping, hping, tcpprobe, WS_Ping ProPack.
These methods provide all the technical information needed for the next stage of an attack. The same techniques are used by malicious hackers and by ethical hackers alike to perform and analyze attacks.
The network returns certain types of replies from which the further network hierarchy can be traced and analyzed and a break-in attempted, e.g. ICMP replies and TCP SYN/ACK and RST/ACK replies. Such replies confirm to the attacker that host scanning and enumeration have succeeded.
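The same reply semantics (a SYN/ACK means the probed port was open, an RST/ACK that it was closed, no reply that it was filtered) let a defender spot a port scan in firewall logs: a scanner touches many ports and mostly closed ones, while a normal client touches a few open ones. The following Python is an added example, not code from the original page; the log format, the hosts 10.0.0.5 and 10.0.0.7 and the thresholds are constructed assumptions.

```python
"""Flag port scans from SYN-reply logs (constructed example, not the page's code).

SYN/ACK means the probed port was open, RST/ACK that it was closed and NONE
that nothing came back; only the source knocking on many closed doors is flagged.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed firewall log: "<ISO time> <src> <dst>:<dport> <reply>"
SAMPLE_LOG = """\
2024-05-01T10:00:00 10.0.0.5 10.0.0.20:22 SYN/ACK
2024-05-01T10:00:00 10.0.0.5 10.0.0.20:23 RST/ACK
2024-05-01T10:00:01 10.0.0.5 10.0.0.20:25 RST/ACK
2024-05-01T10:00:01 10.0.0.5 10.0.0.20:80 SYN/ACK
2024-05-01T10:00:02 10.0.0.5 10.0.0.20:110 RST/ACK
2024-05-01T10:00:02 10.0.0.5 10.0.0.20:135 NONE
2024-05-01T10:00:03 10.0.0.5 10.0.0.20:139 RST/ACK
2024-05-01T10:00:03 10.0.0.5 10.0.0.20:445 RST/ACK
2024-05-01T10:00:05 10.0.0.7 10.0.0.20:443 SYN/ACK
2024-05-01T10:00:09 10.0.0.7 10.0.0.20:443 SYN/ACK
2024-05-01T10:00:30 10.0.0.7 10.0.0.20:80 SYN/ACK
"""

def parse_log(text):
    """Yield (time, src, dport, reply) from the constructed log format."""
    for line in text.splitlines():
        ts, src, dst, reply = line.split()
        yield datetime.fromisoformat(ts), src, int(dst.rsplit(":", 1)[1]), reply

def detect_port_scans(text, window=timedelta(seconds=60),
                      min_ports=6, min_closed_ratio=0.5):
    """Return {src: (distinct_ports, closed_ratio)} for sources that, within one
    sliding window, probed >= min_ports distinct ports with >= min_closed_ratio
    of the probes drawing RST/ACK or no reply."""
    per_src = defaultdict(list)
    for ts, src, dport, reply in parse_log(text):
        per_src[src].append((ts, dport, reply))
    flagged = {}
    for src, events in per_src.items():
        events.sort()
        for i, (start, _, _) in enumerate(events):
            in_win = [e for e in events[i:] if e[0] - start <= window]
            ports = {dport for _, dport, _ in in_win}
            closed = sum(1 for _, _, reply in in_win if reply != "SYN/ACK")
            ratio = closed / len(in_win)
            if len(ports) >= min_ports and ratio >= min_closed_ratio:
                flagged[src] = (len(ports), round(ratio, 2))
                break  # one verdict per source is enough
    return flagged
```

Tuning min_ports and min_closed_ratio against a site's own baseline is what separates a scanner from a chatty but legitimate client.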