What are Scanning Attacks?
Scanning in ethical hacking is a network exploration technique used to identify the systems connected to an organization’s network. It provides information about the accessible systems, services, and resources on a target system. Some may refer to this type of scan as an active scan because it can potentially disrupt services on those hosts that are susceptible. Scanning is often used during vulnerability assessment when probing weaknesses in existing defenses.
There are two ways of scanning:
- Active Scanning
- Passive Scanning
Scanning is more than just port scanning, but it is a very important part of this process. Scanning allows you to identify open ports on the target system and can be used for port mapping, performing an interactive session with the operating system via those ports, or even redirecting traffic from these open ports. There are many tasks that can be performed with a scanning tool.
Scanning can be as simple as creating a list of IP addresses and netmasks to scan all the active addresses on the network. This is called a ping sweep. Another method is performing a syn port scan, which is an active scan that sends TCP SYN packets to ports on the target system waiting for a reply. A syn port scan sends TCP SYN packets to ports that are open and waiting for replies, and an RST packet when it grants an RST/ACK (meaning that the port is closed). An example of open ports could be telnet and FTP, which are used by default.
Types of Scanning Techniques:
- TCP connect scan: This is a scan that sends TCP SYN packets to each port on the target system, waiting for an RST/ACK. This is a steal their type of scan because it does not show the open ports on the target system. The last port that responds is its open port, and you can use this to your advantage to determine which ports are open.
- TCP syn port scan: This is a similar type of scan, but the packets are TCP SYN packets and not TCP ACK. This type of scan sends packets to ports that are open and waiting for a reply.
- Network Scanning: Network scanning is used to identify the devices and services that are running on a target network, determine their operating systems and software versions, and identify any potential security risks or vulnerabilities. Network scanning can be performed manually or automated using software tools, and can target specific systems or an entire network.
- Vulnerability Scanning: Vulnerability scanning is a process of identifying, locating, and assessing the security vulnerabilities of a computer system, network, or application. This process is performed using automated software tools that scan for known vulnerabilities, as well as weaknesses in the configuration or implementation of the system being tested.
Scanning attacks are performed by cybercriminals or malicious actors for several reasons, including:
Information Gathering: The primary purpose of a scanning attack is to gather information about a target system or network. This information can be used to plan and execute a more sophisticated attack, such as a distributed denial of service (DDoS) attack or a data breach.
Vulnerability Identification: Scanning attacks can be used to identify vulnerabilities in a target system or network. These vulnerabilities can then be exploited to gain unauthorized access, steal sensitive information, or cause harm to the target.
Network Mapping: Scanning attacks can be used to map out a target network, including its infrastructure, servers, and devices. This information can be used to plan and execute a more sophisticated attack, such as a DDoS attack or a data breach.
Active scanning is a type of network scanning technique that is used to gather information about a target system or network. Unlike passive scanning, which only gathers information that is readily available, active scanning actively interacts with the target system to gather information.
It involves sending requests or packets to a target system and analyzing the responses to gather information about the target. This type of scanning is more aggressive and intrusive than passive scanning and is often used to identify vulnerabilities and weaknesses in a target system or network.
It can be performed using a variety of tools and techniques, including port scanning, vulnerability scanning, and penetration testing. Port scanning involves sending requests to specific ports on a target system to determine which ports are open and which services are running. Vulnerability scanning involves identifying known vulnerabilities in a target system and attempting to exploit them.
The goal of active scanning is to gather as much information as possible about a target system or network. This information can be used to plan and execute a more sophisticated attack, such as a distributed denial of service (DDoS) attack or a data breach.
While active scanning can provide valuable information about a target system or network, it can also pose a security risk. Active scanning can generate a large amount of network traffic and put a strain on target systems, potentially causing service disruptions or system crashes. Additionally, active scanning can trigger security measures, such as firewalls or intrusion detection systems (IDS), which can alert organizations to the presence of an attacker.
Passive scanning is a type of network scanning technique that is used to gather information about a target system or network without actively interacting with the target. Unlike active scanning, which sends requests or packets to the target and analyzes the responses, passive scanning only gathers information that is readily available, such as information transmitted over the network or stored in system logs.
It is used to gather information about a target system or network for a variety of purposes, including network mapping, vulnerability assessment, and compliance testing. By analyzing network traffic and system logs, passive scanning can provide valuable information about a target’s infrastructure, servers, and devices, as well as the types of services and applications that are running.
One of the benefits of passive scanning is that it is less intrusive and less likely to trigger security measures, such as firewalls or intrusion detection systems (IDS), than active scanning. As a result, passive scanning can provide organizations with valuable information about their systems and networks without putting them at risk.
However, passive scanning is also limited in its ability to gather information compared to active scanning. Passive scanning can only gather information that is readily available and cannot actively probe a target system or network for vulnerabilities or weaknesses.
There are three conditions that allow an attacker to utilize the scanning techniques:
- Physical access to the target system: Using a port scanner or ping sweep, you can locate open ports.
- Vulnerable target software: An application may have vulnerabilities that allow you to use a TCP connect scan or an SYN flood attack.
- Administrator privileges on the target system (Windows); In order for an attacker to perform an SYN flood attack, he must have administrator privileges on the target system.
Types of Port Scanners:
There are several port scanning or checking methods, Some of them are given below:
- Ping scans: A ping is used to check if a network packet can reach an IP address without any problems. Ping scanning involves the automatic transmission of multiple ICMP requests to different servers.
- Half-open or SYNC scans: Attackers can check the status of a port without creating a full connection by using semi-open scanning, commonly known as SYN scanning. This type of analysis simply transmits an SYN message and does not establish a connection with the receiver.
- XMAS scans: XMAS scan sends some packets to a port to check if it is open or not. If the port is closed, the scanner will receive a response. If there is no response, the port is open and can be used to access the network.
The best option to prevent getting scanned is to block the scanning packets.
- For TCP connect scan, blocking ACK packets from entering your network.
- For an SYN flood attack, you can use an SYN cookie or SYN proxy, which will be discussed in the next session.
Scanning can be considered a logical extension (and overlap) of active reconnaissance that helps attackers identify specific vulnerabilities. It’s often that attackers use automated tools such as network scanners and war dialers to locate systems and attempt to discover vulnerabilities.
Please Login to comment...