Bluffing Network Scan Tools

Posted in Hacker News, Paper

Relying on automatic tools

I have often seen tutorials, and even professional pentesters, relying too much, if not solely, on automatic scanning tools. This may be due to a lack of knowledge, or more often to a lack of available time. Obviously, when you have five working days to complete a full corporate pentest, you can only do your best, and it won't be perfect.

Anyway, I just wanted to write a little reminder that the output of an automatic tool is always an interpretation of incoming data. Tools expect a certain behaviour from the systems they probe and make assumptions accordingly. If you are not aware of this, you may be fooled by false positives or, worse, lose valuable time. A quick example: when you successfully ping a machine, you assume it is alive. In fact, all it means is that you received an ICMP Echo Reply in answer to the ICMP Echo Request you sent. That echo reply could have been sent by a machine other than the one you targeted; it can be part of a tarpit strategy. Now let's focus on some major features of security scan tools:

  • OS fingerprinting
  • Port scanning
  • Banner grabbing

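To make the ping example concrete, here is an added example (my own code, not from the original post) that does what a scanner silently does for you: it parses an IPv4 + ICMP packet and decides whether it is an Echo Reply that actually matches the request we sent. The packets, the addresses (10.0.0.5, 10.0.0.254) and the function names are all constructed for this demonstration; a real tool would read the bytes from a raw socket or a pcap. The checks catch the sloppy cases (reply from another source address, wrong identifier or sequence number, payload not echoed back, bad checksum). They deliberately cannot catch a tarpit that spoofs the target's source address and echoes the payload faithfully, which is exactly why "ping succeeded" is an interpretation and not proof of life.

```python
import struct
import ipaddress


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum, used by both the IPv4 and ICMP headers."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo_packet(src, dst, icmp_type, ident, seq, payload=b"", ttl=64):
    """Construct an IPv4 + ICMP echo packet (type 8 = request, type 0 = reply).

    Only used here to fabricate test input offline (constructed data); a real
    scanner would receive these bytes from the network.
    """
    icmp = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq) + payload
    icmp = icmp[:2] + struct.pack("!H", inet_checksum(icmp)) + icmp[4:]
    ip = struct.pack(
        "!BBHHHBBH4s4s",
        0x45, 0, 20 + len(icmp), 0, 0, ttl, 1, 0,
        ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed,
    )
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    return ip + icmp


def check_echo_reply(packet, probed_host, sent_ident, sent_seq, sent_payload):
    """Return the reasons why `packet` is NOT proof that `probed_host` is alive.

    An empty list means the reply is consistent with the request we sent.
    It still does not prove the target answered: a tarpit that spoofs the
    source address and echoes the payload faithfully passes every check here.
    """
    problems = []
    if len(packet) < 28:
        return ["packet too short for an IPv4 header plus ICMP echo header"]
    ihl = (packet[0] & 0x0F) * 4          # IPv4 header length in bytes
    if packet[9] != 1:
        return ["IP protocol %d is not ICMP" % packet[9]]
    src = str(ipaddress.ip_address(packet[12:16]))
    icmp = packet[ihl:]
    if len(icmp) < 8:
        return ["ICMP header truncated"]
    itype, _code, cksum, ident, seq = struct.unpack("!BBHHH", icmp[:8])

    if itype != 0:
        problems.append("ICMP type %d is not an Echo Reply" % itype)
    if src != probed_host:
        problems.append("reply source %s is not the probed host %s" % (src, probed_host))
    # Recompute the checksum with the checksum field zeroed, as the sender did.
    if inet_checksum(icmp[:2] + b"\x00\x00" + icmp[4:]) != cksum:
        problems.append("ICMP checksum is wrong")
    if (ident, seq) != (sent_ident, sent_seq):
        problems.append("identifier/sequence %d/%d do not match the request (%d/%d)"
                        % (ident, seq, sent_ident, sent_seq))
    if icmp[8:] != sent_payload:
        problems.append("echoed payload differs from the one we sent")
    return problems


if __name__ == "__main__":
    # Constructed scenario: we probed 10.0.0.5 with identifier 0x1234, sequence 1.
    request = (0x1234, 1, b"probe")
    genuine = build_echo_packet("10.0.0.5", "10.0.0.1", 0, *request)
    impostor = build_echo_packet("10.0.0.254", "10.0.0.1", 0, 0x1234, 7, b"")
    for label, pkt in (("genuine", genuine), ("impostor", impostor)):
        verdict = check_echo_reply(pkt, "10.0.0.5", *request)
        print(label, verdict or ["consistent with our request"])
```

The design point is that every field a scanner could compare is compared, and the function reports why it distrusts a packet instead of collapsing everything to "host is up". When the reply passes all checks you still only know that something answered consistently, which is all a ping ever tells you.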

Source: PacketstormSecurity