Determining What Tools to Use
Key Terms
Active fingerprint
A method of identifying the OS of a targeted computer or device by sending it probe packets and examining how it responds.
File type
Search for non-HTML file formats including .pdf, .doc, .ppt, and others.
Gentle scan
A type of vulnerability scan that does not present a risk to the operating network infrastructure.
IANA
The Internet Assigned Numbers Authority, a primary governing body for Internet networking. IANA oversees three key aspects of the Internet: top-level domains (TLDs), IP address allocation, and port number assignments. IANA is responsible for preserving the central coordinating functions of the Internet for the public.
Internet Control Message Protocol (ICMP)
Part of TCP/IP that supports diagnostics and error control. Ping is a type of ICMP message.
Intitle
If you include [intitle:] in your query, search engines such as Google will restrict the search to documents containing the specified word or phrase in the title.
Intrusion Detection System (IDS)
An IDS inspects inbound and outbound network activity and identifies suspicious patterns or unusual types of traffic that may indicate a network or system is under attack or being probed.
Inverse SYN Cookies
A method for tracking the state of a connection that takes the source address and port, along with the destination address and port, and puts them through a SHA-1 hashing algorithm. This value becomes the initial sequence number for the outgoing packet.
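The mechanism in the Inverse SYN Cookies entry, as an added example (not code from the book): the ISN is derived by hashing the connection 4-tuple with SHA-1, so a reply can be attributed to the probe that caused it without keeping a per-connection table. The secret key, the sample addresses and the `reply_matches` check are assumptions that go slightly beyond the definition (the secret stops anyone who knows the 4-tuple from forging a matching acknowledgment).

```python
# Inverse SYN cookies: the initial sequence number (ISN) of an outgoing SYN is
# SHA-1 over (secret || src_ip || src_port || dst_ip || dst_port), truncated to
# 32 bits. A SYN/ACK that acknowledges ISN + 1 must belong to that probe, so no
# state needs to be stored per connection. Constructed example; the secret and
# the sample addresses below are assumptions, not values from the page.
import hashlib
import ipaddress
import struct

SECRET = b"constructed-example-secret"  # assumption: a per-run secret key


def inverse_syn_cookie(src_ip, src_port, dst_ip, dst_port, secret=SECRET):
    """Return the 32-bit ISN for this 4-tuple (IPv4 or IPv6 addresses)."""
    payload = (ipaddress.ip_address(src_ip).packed
               + struct.pack("!H", src_port)
               + ipaddress.ip_address(dst_ip).packed
               + struct.pack("!H", dst_port))
    digest = hashlib.sha1(secret + payload).digest()
    return struct.unpack("!I", digest[:4])[0]


def reply_matches(reply, secret=SECRET):
    """Check a reply (SYN/ACK or RST/ACK) against the cookie with no table lookup.

    `reply` holds the reply's own src/dst fields plus its ack number; its source
    is the destination of our original SYN and vice versa, so the 4-tuple is
    swapped back before recomputing the cookie.
    """
    expected = inverse_syn_cookie(reply["dst_ip"], reply["dst_port"],
                                  reply["src_ip"], reply["src_port"], secret)
    # A genuine reply acknowledges ISN + 1; mask handles ISN == 0xFFFFFFFF.
    return reply["ack"] == (expected + 1) & 0xFFFFFFFF


if __name__ == "__main__":
    # Constructed sample: our scanner 192.0.2.10:40000 probes 198.51.100.5:80.
    isn = inverse_syn_cookie("192.0.2.10", 40000, "198.51.100.5", 80)
    reply = {"src_ip": "198.51.100.5", "src_port": 80,
             "dst_ip": "192.0.2.10", "dst_port": 40000,
             "ack": (isn + 1) & 0xFFFFFFFF}
    print("ISN 0x%08x, reply matches: %s" % (isn, reply_matches(reply)))
```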
Matrix
A movie about a computer hacker who learns from mysterious rebels about the true nature of his reality and his role in the Matrix machine. A favorite movie of hackers.
Null session
A Windows feature where anonymous logon users can list domain usernames, account information, and enumerate share names.
OS identification
The practice of identifying the operating system of a networked device through either passive or active techniques.
Passive fingerprint
A method of identifying the OS of a targeted computer or device by observing the traffic it already sends, without transmitting any probes to it.
Port knocking
Port knocking is a defensive technique that requires users of a particular service to access a sequence of ports in a given order before the service will accept their connection.
Ports
Ports are used by protocols and applications. Port numbers are divided into three ranges: Well Known Ports, Registered Ports, and the Dynamic and/or Private Ports. Well Known Ports are those from 0 through 1023. Registered Ports are those from 1024 through 49151, and Dynamic and/or Private Ports are those from 49152 through 65535.
Rogue access point
An 802.11 access point that has been set up by an attacker for the purpose of diverting legitimate users so that their traffic can be sniffed or manipulated.
Sniffer
A hardware or software device that can be used to intercept and decode network traffic.
SNMP
An application layer protocol that facilitates the exchange of management information between network devices. Version one uses well-known public and private community strings.
TCP handshake
A three-step process computers go through when negotiating a connection with one another. The process is a target of attackers and others with malicious intent.
Transmission Control Protocol (TCP)
One of the main protocols of the IP suite. It is used for reliable, guaranteed delivery of data.
User Datagram Protocol (UDP)
A connectionless protocol that provides very few error-recovery services, but offers a quick and direct way to send and receive datagrams.
Wardriving
The act of driving around in a vehicle with a laptop computer, an antenna, and an 802.11 wireless LAN adapter to find and possibly exploit existing wireless networks.
Wi-Fi Protected Access (WPA)
A security standard for wireless networks designed to be more secure than WEP. Developed from the draft 802.11i standard.
Wired Equivalent Privacy (WEP)
Based on the RC4 encryption scheme. It was designed to provide the same level of security as that of a wired LAN. Because of 40-bit encryption and problems with the initialization vector, it was found to be insecure.