stealth scan (also known as an IP half-open scan) against the range of addresses obtained in the previous step. Depending on how it is run, a stealth scan not only identifies which hosts in a network are up but also reveals the services those hosts offer. It may be combined with a ping sweep, which simply pings every IP address in the network range and notes which ones answer. In a stealth scan the attacker sends a TCP Synchronize (TCP SYN) segment to a port on the target address and waits for a TCP SYN-Acknowledgement (TCP SYN/ACK) reply. If the reply arrives, the attacker aborts the handshake before the connection is ever established by sending a TCP reset (TCP RST) instead of the final ACK. Because the connection never completes, the application listening on that port never accepts it, so in many cases no evidence of the attempt reaches the system's application logs (the kernel still saw the SYN, however, and a packet filter or intrusion detection system can still record it). A reset packet arriving at a live host has no effect and draws no response. If the host is down, the router for the network where the target address resides answers instead with an ICMP host unreachable message, which tells the attacker the host is not up. Note that a reset scan of this kind (sending bare RST packets and watching for ICMP host unreachable replies) only establishes whether a host exists on the network; unlike the stealth scan, it does not reveal which services are running on it.
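The half-open exchange described above, as an added example that is not part of the original text and not code from any scanner: it builds the scanner's SYN, a constructed reply standing in for the target (SYN/ACK for an open port, RST for a closed one), and the RST the scanner sends back instead of the final ACK, and it maps each kind of reply to a port state. Sending raw TCP needs a raw socket and root, so the code stops at constructing and classifying segments; the addresses (RFC 5737 documentation range), ports and sequence numbers are constructed sample values.

```python
"""Half-open (SYN) scan: the probe, the replies, and the scanner's tear-down RST.

Added example; not code from the page or from Nmap. Sending raw TCP needs a raw
socket (root) and a live target, so this block only builds the segments and
classifies replies. Addresses, ports and sequence numbers are constructed samples.
"""
import socket
import struct
from typing import Optional

TH_FIN, TH_SYN, TH_RST, TH_PUSH, TH_ACK = 0x01, 0x02, 0x04, 0x08, 0x10
SCANNER_IP, TARGET_IP = "192.0.2.10", "192.0.2.20"   # RFC 5737 documentation addresses


def inet_checksum(data: bytes) -> int:
    """One's-complement checksum (RFC 1071) used by IPv4, TCP and ICMP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def pseudo_header(src_ip: str, dst_ip: str, tcp_len: int) -> bytes:
    """IPv4 pseudo-header that the TCP checksum is computed over."""
    return struct.pack("!4s4sBBH", socket.inet_aton(src_ip), socket.inet_aton(dst_ip),
                       0, socket.IPPROTO_TCP, tcp_len)


def build_segment(src_ip, dst_ip, src_port, dst_port, seq, ack, flags, window=65535) -> bytes:
    """20-byte option-less TCP header with the given flags and a valid checksum."""
    hdr = struct.pack("!HHIIBBHHH", src_port, dst_port, seq, ack, 5 << 4, flags, window, 0, 0)
    csum = inet_checksum(pseudo_header(src_ip, dst_ip, len(hdr)) + hdr)
    return hdr[:16] + struct.pack("!H", csum) + hdr[18:]   # checksum sits at bytes 16-17


def checksum_ok(src_ip: str, dst_ip: str, segment: bytes) -> bool:
    """A segment with a valid checksum sums to zero together with its pseudo-header."""
    return inet_checksum(pseudo_header(src_ip, dst_ip, len(segment)) + segment) == 0


def flags_of(segment: bytes) -> int:
    return segment[13]                      # flags byte of the TCP header


def classify_reply(tcp_reply: Optional[bytes], icmp_type: Optional[int] = None) -> str:
    """Map what came back for one SYN probe to a port state."""
    if icmp_type == 3:                      # ICMP destination unreachable from a router/host
        return "unreachable"                # host down, or a filter refusing the probe
    if tcp_reply is None:
        return "filtered"                   # no answer at all: dropped by a firewall, or lost
    f = flags_of(tcp_reply)
    if f & TH_SYN and f & TH_ACK:
        return "open"                       # second step of the handshake: something listens
    if f & TH_RST:
        return "closed"                     # host is up but nothing listens on that port
    return "unexpected"


def half_open_exchange(dst_port: int, port_open: bool):
    """Simulate the segments of a half-open probe against one port.

    Returns (state, segments): the scanner's SYN, the target's SYN/ACK or RST
    (constructed here to stand in for a real host), and, for an open port, the
    scanner's RST that aborts the handshake before a connection exists.
    """
    sport, isn = 40000, 0x11223344
    syn = build_segment(SCANNER_IP, TARGET_IP, sport, dst_port, isn, 0, TH_SYN)
    if port_open:
        reply = build_segment(TARGET_IP, SCANNER_IP, dst_port, sport, 0x55667788, isn + 1,
                              TH_SYN | TH_ACK)
    else:
        reply = build_segment(TARGET_IP, SCANNER_IP, dst_port, sport, 0, isn + 1,
                              TH_RST | TH_ACK, window=0)
    state = classify_reply(reply)
    segments = [syn, reply]
    if state == "open":
        # RST instead of the final ACK: no connection, so no accept() and no application log line
        segments.append(build_segment(SCANNER_IP, TARGET_IP, sport, dst_port, isn + 1, 0,
                                      TH_RST, window=0))
    return state, segments


if __name__ == "__main__":
    for port, is_open in ((22, True), (23, False)):
        state, segs = half_open_exchange(port, is_open)
        print(port, state, [hex(flags_of(s)) for s in segs])
```

The classification mirrors how scanners report port states: SYN/ACK is "open", RST is "closed", silence is "filtered", and an ICMP unreachable means the probe never reached a listening stack at all, which is the same signal the reset scan in the text relies on.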
Discovering the access points and open ports
After discovering the active machines in a network, the next step is to discover the open, and potentially vulnerable, ports on those machines. Port scanning is one way of finding the listening ports that accept connections. Since most services run on well-known, standard ports, this information is a good indication of which services are running. One form of port scanning is to attempt a full TCP connection to each and every port on the system. This is quite effective, but it is also noisy and easily detected: once a connection is established, the service on that port logs the activity. Many techniques have been devised to avoid that logging. One of the most popular and widely used port-scanning tools is Nmap, written by the well-known hacker Fyodor. It implements all the major port-scanning techniques: FIN, Xmas and Null scans, decoy spoofing, the stealth SYN scan, and idle scanning. Erickson (2008) describes each of these, together with proactive defenses against them.
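To make the noise of a full connect() scan concrete, here is an added example (not the page's or Nmap's code) that scans a few throwaway listeners on 127.0.0.1. Each listener records the peer of every connection it accepts, as a real daemon would in its log, and a simple rule over those log lines flags a source that touched several ports. The service names are labels only; the ports are whatever the kernel assigns; the "closed" port is an ephemeral port bound and released just before the scan.

```python
"""TCP connect() scan against local listeners, and why it is noisy.

Added example; not code from the page or from Nmap. Throwaway listeners on
127.0.0.1 stand in for services and record the peer of every accepted
connection, the way a daemon writes to its log. Because connect() completes the
full three-way handshake, every open port the scanner finds leaves an entry.
"""
import errno
import socket
from collections import defaultdict
from typing import Dict, List, Tuple

OPEN, CLOSED, FILTERED = "open", "closed", "filtered"
LOOPBACK = "127.0.0.1"


class LoggingService:
    """Listening socket that logs the source of each accepted connection."""

    def __init__(self, name: str):
        self.name = name                                # label only (constructed)
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.bind((LOOPBACK, 0))                   # port 0: kernel picks a free port
        self.sock.listen(8)
        self.port = self.sock.getsockname()[1]

    def drain(self, log: List[str]) -> None:
        """accept() everything the kernel has already handshaked and log it."""
        self.sock.setblocking(False)
        while True:
            try:
                conn, (ip, port) = self.sock.accept()
            except OSError:                             # BlockingIOError: queue empty
                break
            log.append(f"{self.name}[{self.port}]: connection from {ip}:{port}")
            conn.close()

    def close(self) -> None:
        self.sock.close()


def probe_port(host: str, port: int, timeout: float = 0.5) -> str:
    """One full connect(); the kernel's verdict gives the port state."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        rc = s.connect_ex((host, port))
    if rc == 0:
        return OPEN          # handshake finished: a listener exists and will see us
    if rc == errno.ECONNREFUSED:
        return CLOSED        # RST came back: host up, nothing bound to the port
    return FILTERED          # timeout or unreachable: dropped by a filter or no route


def connect_scan(host: str, ports, timeout: float = 0.5) -> Dict[int, str]:
    return {p: probe_port(host, p, timeout) for p in ports}


def detect_scanners(log: List[str], min_ports: int = 3) -> Dict[str, int]:
    """Flag any source IP seen connecting to at least min_ports distinct local ports."""
    ports_by_src = defaultdict(set)
    for line in log:
        service, _, rest = line.partition(": connection from ")
        local_port = int(service[service.index("[") + 1:-1])
        src_ip = rest.rsplit(":", 1)[0]
        ports_by_src[src_ip].add(local_port)
    return {ip: len(ports) for ip, ports in ports_by_src.items() if len(ports) >= min_ports}


def free_closed_port() -> int:
    """Bind and release an ephemeral port so we have one that is (almost surely) closed."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind((LOOPBACK, 0))
        return s.getsockname()[1]


def demo() -> Tuple[Dict[int, str], List[str], Dict[str, int]]:
    """Scan three open and one closed loopback port; return (results, service log, alerts)."""
    services = [LoggingService(n) for n in ("ssh", "http", "smtp")]
    closed = free_closed_port()
    log: List[str] = []
    try:
        results = connect_scan(LOOPBACK, [s.port for s in services] + [closed])
        for s in services:
            s.drain(log)         # the daemons "wake up" and write their log lines
    finally:
        for s in services:
            s.close()
    return results, log, detect_scanners(log)


if __name__ == "__main__":
    results, log, alerts = demo()
    print(results)
    print("\n".join(log))
    print("scan alerts:", alerts)
```

The point to notice is that the log entries appear even though the scanner never sent a byte of application data: the kernel finished the handshake on the service's behalf, so the connection is there for accept() to log. A half-open scan avoids exactly that step, which is why the page calls the connect scan noisy.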
Operating System (OS) Fingerprinting
So far the information-gathering process has given us IP addresses, active machines and open ports, but not yet the operating systems the machines are running. According to Lopez and Hammerli (2008), OS fingerprinting is the technique used in network footprinting to determine which operating system a machine is running. Here we will discuss some of the methods hackers use for OS fingerprinting.