Information gathering is essentially using the Internet to find all the information you can about the target (company and/or person) using both technical (DNS/WHOIS) and nontechnical (search engines, news groups, mailing lists etc) methods. Whilst conducting information gathering, it is important to be as imaginative as possible. Attempt to explore every possible avenue to gain more understanding of your target and its resources. Anything you can get hold of during this stage of testing is useful: company brochures, business cards, leaflets, newspaper adverts, internal paperwork, and etc. Information gathering does not require that the assessor establishes contact with the target system. Information is collected (mainly) from public sources on the Internet and organizations that hold public information (e.g. tax agencies, libraries, etc.)
information gathering in Network Penetration Testing
Phase 1. The first step in information gathering is - network survey. A network survey is like an introduction to the system that is tested. By doing that, you will have a “network map”, using which you will find the number of reachable systems to be tested without exceeding the legal limits of what you may test. But usually more hosts are detected during the testing, so they should be properly added to the “network map”. The results that the tester might get using network surveying are:
- - Domain Names
- - Server Names
- - IP Addresses
- - Network Map
- - ISP / ASP information
- - System and Service Owners
Network surveying can be done using TTL modulation(traceroute), and record route (e.g. ping -R), although classical 'sniffing' is sometimes as effective method
Phase 2. 2nd phase is the OS Identification (sometimes referred as TCP/IP stack fingerprinting). The determination of a remote OS type by comparison of variations in OS TCP/IP stack implementation behavior. In other words, it is active probing of a system for responses that can distinguish its operating system and version level. The results are:
- - OS Type
- - System Type
- - Internal system network addressing
The best known method for OS identification is using nmap
Phase 3. Next step is port scanning Port scanning is the invasive probing of system ports on the transport and network level. Included here is also the validation of system reception to tunneled, encapsulated, or routing protocols. Testing for different protocols will depend on the system type and services it offers. Each Internet enabled system has 65,536 TCP and UDP possible ports (incl. Port 0). However, it is not always necessary to test every port for every system. This is left to the discretion of the test team. Port numbers that are important for testing according to the service are listed with the task. Additional port numbers for scanning should be taken from the Consensus Intrusion Database Project Site. The results that the tester might get using Port scanning are:
- - List of all Open, closed or filtered ports
- - IP addresses of live systems
- - Internal system network addressing
- - List of discovered tunneled and encapsulated protocols
- - List of discovered routing protocols supported
- Service Types
- Service Application Type and Patch Level
- Network Map
1 comments:
Write commentsThank you so much for your wonderful information…great work keep going…Looking for the best network penetration testing services in Hyderabad in your budget contact Cyanous software solutions now.
ReplyBest network penetration testing services in Hyderabad
Best software & web development company in Hyderabad
EmoticonEmoticon