上QQ阅读APP看书,第一时间看更新
Live host discovery
The first step is to run network ping sweeps against a target address space and look for responses that indicate that a particular target is live and capable of responding. Historically, pinging is referred to as the use of ICMP; however, TCP, UDP, ICMP, and ARP traffic can also be used to identify live hosts.
Various scanners can be run from remote locations across the internet to identify live hosts. Although the primary scanner is nmap, Kali provides several other applications that are also useful, as shown in the following table:
To penetration testers or attackers, the data returned from live host discovery will identify the targets for attack.
Run multiple host discovery scans while conducting a penetration test. Certain devices may be time-dependent. During one penetration test, it was discovered that the system administrator set up a game server after regular business hours. Because it was not an approved business system, the administrator did not follow the normal process for securing the server; multiple vulnerable services were present, and it had not received necessary security patches. Testers were able to compromise the game server and gain access to the underlying corporate network using vulnerabilities in the administrator's game server.