Practical Network Scanning

By: Ajay Singh Chauhan

Overview of this book

Network scanning is the process of assessing a network to identify the hosts that are active on it; the same methods can be used by an attacker or by a network administrator for security assessment. This procedure plays a vital role in risk assessment programs and in preparing a security plan for your organization. Practical Network Scanning starts with the concept of network scanning and how organizations can benefit from it. Going forward, we delve into the different scanning steps, such as service detection, firewall detection, TCP/IP port detection, and OS detection. We also implement these concepts using some of the most prominent tools on the market, such as Nessus and Nmap. In the concluding chapters, we prepare a complete vulnerability assessment plan for your organization. By the end of this book, you will have hands-on experience in performing network scanning with different tools and in choosing the best tools for your system.
Table of Contents (19 chapters)
Title Page
Packt Upsell
Contributors
Preface
Index

OS matching algorithms


Nmap's matching algorithm is a simple scoring process: the subject (target) fingerprint is tested against every reference fingerprint in nmap-os-db. Each individual test within a probe (for example the GCD test of the SEQ probe, or the DF test of the T1 probe) carries a point value taken from the MatchPoints block of that database. A test that agrees with the reference adds its points to NumMatchPoints, and every test that could be compared at all adds its points to PossiblePoints. After all probes have been tested against a reference fingerprint, Nmap divides NumMatchPoints by PossiblePoints. The result is a confidence factor between 0 and 1 describing the probability that the subject fingerprint matches that particular reference fingerprint. A perfect match is reported outright; near matches are offered only when they score very close to it, and the --osscan-guess option makes Nmap guess more aggressively and print the percentage alongside each candidate.
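The scoring rule described above, as an added example that is not from the book and not Nmap's own source code. It models the NumMatchPoints / PossiblePoints computation in Python over constructed fingerprints: the MATCH_POINTS weights, the two reference fingerprints and the subject fingerprint are all invented for illustration (their shape follows nmap-os-db, but they describe no real operating system), and the expression matcher handles the alternatives, hex ranges and comparators that the database format uses.

```python
import re

# Constructed, illustrative weights in the style of the MatchPoints block of
# nmap-os-db. The real table has many more probes and tests and different
# point values; only the scoring rule is what this example demonstrates.
MATCH_POINTS = {
    "SEQ": {"SP": 25, "GCD": 75, "ISR": 25, "TI": 100, "TS": 100},
    "T1":  {"R": 100, "DF": 20, "T": 15, "S": 20, "A": 20, "F": 30},
    "U1":  {"R": 50, "DF": 20, "T": 15, "IPL": 100},
}

_LINE = re.compile(r"^(\w+)\((.*)\)$")
_RANGE = re.compile(r"^([0-9A-F]+)-([0-9A-F]+)$")


def _hex(s):
    """Integer value of a hex test value, or None if the value is not hex."""
    try:
        return int(s, 16)
    except ValueError:
        return None


def parse_fingerprint(text):
    """Parse lines of the form PROBE(KEY=VAL%KEY=VAL...) into {probe: {key: val}}."""
    fingerprint = {}
    for raw in text.strip().splitlines():
        m = _LINE.match(raw.strip())
        if not m:
            continue  # skip blank lines
        probe, body = m.groups()
        tests = {}
        for item in body.split("%"):
            if item:
                key, _, value = item.partition("=")
                tests[key] = value
        fingerprint[probe] = tests
    return fingerprint


def value_matches(reference, observed):
    """Test one observed value against a reference expression: alternatives
    separated by '|', inclusive hex ranges 'LO-HI', comparators '>N' / '<N',
    and otherwise an exact string match (which also covers the empty value)."""
    obs = _hex(observed)
    for alt in reference.split("|"):
        if alt == observed:
            return True
        rng = _RANGE.match(alt)
        if rng and obs is not None and int(rng.group(1), 16) <= obs <= int(rng.group(2), 16):
            return True
        if alt and alt[0] in "<>" and obs is not None:
            bound = _hex(alt[1:])
            if bound is not None and (obs > bound if alt[0] == ">" else obs < bound):
                return True
    return False


def score(reference, subject, points=MATCH_POINTS):
    """Return (NumMatchPoints, PossiblePoints) for one reference fingerprint.
    Only tests present in both fingerprints are compared, so a probe the
    subject never answered neither helps nor hurts the confidence factor."""
    num_match = possible = 0
    for probe, tests in reference.items():
        observed = subject.get(probe)
        if observed is None:
            continue
        for test, ref_value in tests.items():
            if test not in observed:
                continue
            weight = points.get(probe, {}).get(test, 0)
            possible += weight
            if value_matches(ref_value, observed[test]):
                num_match += weight
    return num_match, possible


def confidence(reference, subject, points=MATCH_POINTS):
    """Nmap's confidence factor: NumMatchPoints divided by PossiblePoints."""
    num_match, possible = score(reference, subject, points)
    return num_match / possible if possible else 0.0


def rank_matches(subject_text, database, threshold=0.85):
    """Score the subject against every reference in `database` (name -> text)
    and return (name, confidence) pairs, best first, at or above `threshold`."""
    subject = parse_fingerprint(subject_text)
    ranked = sorted(
        ((name, confidence(parse_fingerprint(ref), subject)) for name, ref in database.items()),
        key=lambda pair: pair[1], reverse=True,
    )
    return [(name, c) for name, c in ranked if c >= threshold]


# Constructed reference fingerprints: invented values, no real OS described.
REFERENCE_DB = {
    "Reference A (constructed)": """
SEQ(SP=C8-D2%GCD=1-6%ISR=CD-D7%TI=Z%TS=A)
T1(R=Y%DF=Y%T=3B-45%S=O%A=S+%F=AS)
U1(R=Y%DF=N%T=3B-45%IPL=164)
""",
    "Reference B (constructed)": """
SEQ(SP=F0-FF%GCD=1-6%ISR=10A-114%TI=I%TS=7)
T1(R=Y%DF=Y%T=7B-85%S=O%A=S+%F=AS)
U1(R=Y%DF=N%T=7B-85%IPL=B0)
""",
}

# A constructed subject fingerprint, as assembled from the probe replies.
SUBJECT = """
SEQ(SP=CB%GCD=1%ISR=D0%TI=Z%TS=A)
T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS)
U1(R=Y%DF=N%T=40%IPL=164)
"""

if __name__ == "__main__":
    for name, ref in REFERENCE_DB.items():
        n, p = score(parse_fingerprint(ref), parse_fingerprint(SUBJECT))
        print(f"{name}: {n}/{p} = {n / p:.3f}")
    print("matches:", rank_matches(SUBJECT, REFERENCE_DB))
```

With these inputs Reference A scores 715/715 and Reference B 335/715, so only A survives the default threshold; the assumed 0.85 threshold is this example's parameter, not a value taken from Nmap. Note that the weighted sum is what makes a single high-value test (TI or TS here) outweigh several cosmetic ones, which is why a subject that differs only in the TTL range can still score well against the right reference.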

Defense against port scans

So far, we have learned how to use port scanning techniques to discover and detect information about remote hosts. Bear in mind that any host or service that is exposed to users through some form of connectivity, whether an enterprise WAN or the internet, can itself be port scanned. Port scanning by itself is generally not classed as illegal activity, although the legal position varies by jurisdiction and depends on whether you are authorized to scan; it becomes illegal when the information gathered is used to exploit systems.

The amount of information that should be exposed to the outside world is down to the system administrator. Any IP scanning starts with...