Scanning for Devices, Systems, or Routes
Attack Pattern ID: 309 (Meta Attack Pattern)Typical Severity: LowStatus: Draft
+ Description

Summary

An attacker engages in scanning activity to find vulnerable network nodes, such as hosts, devices, or routes. Attackers usually perform this type of network reconnaissance during the early stages of attack against an external network. Many types of scanning utilities are typically employed, including ICMP tools, network mappers, port scanners, and route testing utilities such as traceroute.

+ Target Attack Surface

Target Attack Surface Description

Targeted OSI Layers: Network Layer Transport Layer Application Layer

Target Attack Surface Localities

Server-side

Target Attack Surface Types: Host Service

Target Functional Services

Target Functional Service 1: None
Protocol 1: Any
Related Protocol: Internet Protocol
Relationship Type
Uses Protocol
Related Protocol: User Datagram Protocol
Relationship Type
Uses Protocol
Related Protocol: lnternet Control Messaging Protocol
Relationship Type
Uses Protocol
Related Protocol: Transmission Control Protocol
Relationship Type
Uses Protocol
+ Attack Prerequisites

None

+ Resources Required

Probing requires the ability to interactively send and receive data from a target, whereas passive listening requires a sufficient understanding of the protocol to analyze a preexisting channel of communication.

+ Related Attack Patterns
NatureTypeIDNameDescriptionView(s) this relationship pertains toView\(s\)
ChildOfAttack PatternAttack Pattern289Infrastructure-based footprinting 
Mechanism of Attack (primary)1000
ParentOfAttack PatternAttack Pattern290Enumerate Mail Exchange (MX) Records 
Mechanism of Attack1000
ParentOfAttack PatternAttack Pattern291DNS Zone Transfers 
Mechanism of Attack1000
ParentOfAttack PatternAttack Pattern292Host Discovery 
Mechanism of Attack1000
ParentOfAttack PatternAttack Pattern293Traceroute Route Enumeration 
Mechanism of Attack1000
+ References
Stuart McClure, Joel Scambray and George Kurtz. "Hacking Exposed: Network Security Secrets & Solutions". 6th Edition. McGraw Hill, ISBN: 978-0-07-161374-3. 2009.
Defense Advanced Research Projects Agency (DARPA). "RFC793 - Transmission Control Protocol". 1981. <http://www.faqs.org/rfcs/rfc793.html>.
Gordon "Fyordor" Lyon. "The Art of Port Scanning". Volume: 7, Issue. 51. Phrack Magazine. 1997. <http://nmap.org/p51-11.html>.