penetration of firewalls and identifying extra hosts behind them, for example a UDP port 53 traceroute through a firewall that permits DNS. This tests whether specific, restrictive filters have been put in place on the DNS port rather than a blanket allow.


NB: Firewalk is a gateway ACL-mapping technique rather than an OS identification method in itself. It sends TCP or UDP probes with the TTL set to expire one hop beyond the gateway: if the gateway passes that port, the next hop returns an ICMP TTL-exceeded message; if the gateway blocks it, nothing comes back. The method therefore tests whether the firewall allows ICMP TTL-exceeded messages to leave the network, a weakness that is commonly present where traceroute is in valid use from inside the client network. It also serves as a test for the presence of a proxy server or NAT in front of the hosts.

A related and very stealthy method in use by attackers is passive OS fingerprinting: the returned packets are compared against a database of responses per operating system in terms of the initial TTL, the TCP window size, the DF bit and the Type of Service field. This can be undertaken against any client that accesses a web site over port 80, simply by analysing the packets it sends, without any scan being launched at the target at all.
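As an added example (not code from the original page), the Python below matches the TTL, window size, DF bit and ToS fields of captured SYN packets against a signature table, the way the passive method above does, and recovers the hop distance by rounding the observed TTL up to a standard initial value. The signature table, the OS labels and the tcpdump-style capture lines are all constructed for illustration and are not a real fingerprint database; real tools such as p0f and nmap ship curated tables with many more fields.

```python
"""Passive OS fingerprinting from the TTL / window / DF / ToS header fields.

Added example, not code from the original page. The signature table and the
captured packet lines are constructed for illustration only.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Initial TTL values used by common IP stacks. An observed TTL is rounded up
# to the next one of these to recover the value the sender started with.
INITIAL_TTLS = (32, 64, 128, 255)


@dataclass(frozen=True)
class Signature:
    initial_ttl: int
    window: int
    df: bool
    tos: int


# Illustrative signature database (constructed for this example; the window
# values and labels are placeholders, not authoritative per-OS data).
SIGNATURES = {
    Signature(64, 29200, True, 0): "Linux-like stack (illustrative)",
    Signature(128, 8192, True, 0): "Windows-like stack (illustrative)",
    Signature(255, 16384, False, 0): "BSD/network-device-like stack (illustrative)",
}

# Pulls the IP ToS, TTL and flags, the TCP flags and the window out of a
# `tcpdump -v` style line. `flags [...]` is the IP header, `Flags [...]` is TCP.
_LINE_RE = re.compile(
    r"tos 0x(?P<tos>[0-9a-f]+), ttl (?P<ttl>\d+).*?flags \[(?P<flags>[^\]]*)\]"
    r".*?Flags \[(?P<tcpflags>[^\]]*)\].*?win (?P<win>\d+)"
)

# Constructed capture: three SYNs to a web server on port 80, as tcpdump -v
# would print them (addresses are documentation ranges).
SAMPLE_CAPTURE = [
    "IP (tos 0x0, ttl 61, id 41321, offset 0, flags [DF], proto TCP (6), length 60) "
    "203.0.113.5.51234 > 198.51.100.10.80: Flags [S], seq 1000, win 29200, length 0",
    "IP (tos 0x0, ttl 124, id 300, offset 0, flags [DF], proto TCP (6), length 52) "
    "203.0.113.77.49152 > 198.51.100.10.80: Flags [S], seq 2000, win 8192, length 0",
    "IP (tos 0x0, ttl 255, id 7, offset 0, flags [none], proto TCP (6), length 44) "
    "203.0.113.1.1024 > 198.51.100.10.80: Flags [S], seq 3000, win 16384, length 0",
]


def initial_ttl(observed_ttl: int) -> int:
    """Round an observed TTL up to the nearest common initial value."""
    for candidate in INITIAL_TTLS:
        if observed_ttl <= candidate:
            return candidate
    raise ValueError(f"TTL {observed_ttl} exceeds 255")


def hop_distance(observed_ttl: int) -> int:
    """Routers traversed, assuming the sender used a standard initial TTL.
    0 means no router decremented it: the sender is on-link from the capture
    point, or the packet was generated by the first-hop device itself."""
    return initial_ttl(observed_ttl) - observed_ttl


def parse_tcpdump_line(line: str) -> Optional[dict]:
    """Extract the fingerprint-relevant fields; None if the line is not a TCP segment."""
    m = _LINE_RE.search(line)
    if not m:
        return None
    ip_flags = [f.strip() for f in m.group("flags").split(",")]
    return {
        "tos": int(m.group("tos"), 16),
        "ttl": int(m.group("ttl")),
        "df": "DF" in ip_flags,
        "syn": "S" in m.group("tcpflags"),
        "window": int(m.group("win")),
    }


def fingerprint(observed: dict) -> Tuple[str, int]:
    """Return (OS label or 'unknown', estimated hop distance) for one packet."""
    sig = Signature(initial_ttl(observed["ttl"]), observed["window"],
                    observed["df"], observed["tos"])
    return SIGNATURES.get(sig, "unknown"), hop_distance(observed["ttl"])


def fingerprint_capture(lines: List[str]) -> List[Tuple[str, int]]:
    """Fingerprint every SYN in a capture; non-SYN and unparseable lines are skipped."""
    results = []
    for line in lines:
        parsed = parse_tcpdump_line(line)
        if parsed and parsed["syn"]:
            results.append(fingerprint(parsed))
    return results


if __name__ == "__main__":
    for label, hops in fingerprint_capture(SAMPLE_CAPTURE):
        print(f"{label:45s} {hops} hop(s) away")
```

The fingerprint belongs to whichever device built the TCP segment, so a client that arrives through a proxy shows the proxy's stack, not its own; a mismatch between the stack seen here and what the client claims elsewhere (for example in an HTTP User-Agent header) is the usual sign of an intermediary.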


Port Scanning


The standard tool for port analysis is nmap, used to produce comparative results for connect scans, SYN scans, and FIN and NULL scans of the same targets.


Identifying the operating systems of the target hosts in the client's network is undertaken with the SuperScan and nmap scanners, which rely on differences in IP stack characteristics between implementations.


The ports open on the targets, and the services running on them, must then be identified. This can be undertaken with fping, hping, tcpprobe and the WS_Ping ProPack. These are not stealthy and are therefore normally only suitable for open (announced) internal testing. Scans cover both 1-1024 and 1025-65535 so that rogue or unregistered services on high ports are found as well as the well-known ones.
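As an added example (not code from the original page or from any of the tools named), the Python below performs the plain connect() scan that nmap's connect scan and the tools above rely on, then sorts what it finds into the 1-1024 and 1025-65535 ranges and checks each open port against the local services database to flag unregistered services. So that it runs offline it starts its own throwaway listener on 127.0.0.1 as the "rogue service" and scans around it; the host, port range and worker count are assumptions for the demonstration.

```python
"""TCP connect() scan with well-known / high-port classification.

Added example, not code from the original page. Scans a listener it starts
itself on 127.0.0.1 so that it runs offline; aim it at real targets only with
written authorisation, and expect the target to log every connection.
"""
import socket
from concurrent.futures import ThreadPoolExecutor
from typing import Iterable, List, Tuple

WELL_KNOWN = range(1, 1025)      # 1-1024, as the page divides the space
HIGH = range(1025, 65536)        # 1025-65535


def port_class(port: int) -> str:
    """Which of the page's two scan ranges a port falls in."""
    if port in WELL_KNOWN:
        return "well-known (1-1024)"
    if port in HIGH:
        return "high (1025-65535)"
    raise ValueError(f"invalid port {port}")


def service_name(port: int, proto: str = "tcp") -> str:
    """Registered name from the local services database, or 'unregistered'
    (also returned when no services database is installed)."""
    try:
        return socket.getservbyport(port, proto)
    except OSError:
        return "unregistered"


def probe(host: str, port: int, timeout: float = 0.5) -> bool:
    """Full three-way handshake: the port is open if connect() succeeds.
    Not stealthy: the service behind the port sees a completed connection."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:        # ECONNREFUSED, timeout, unreachable, ...
        return False


def connect_scan(host: str, ports: Iterable[int], workers: int = 64) -> List[int]:
    """Probe every port in parallel and return the open ones in scan order."""
    port_list = list(ports)
    with ThreadPoolExecutor(max_workers=workers) as pool:
        flags = list(pool.map(lambda p: probe(host, p), port_list))
    return [p for p, is_open in zip(port_list, flags) if is_open]


def report(open_ports: Iterable[int]) -> List[Tuple[int, str, str]]:
    """(port, range class, service name) for each open port found."""
    return [(p, port_class(p), service_name(p)) for p in open_ports]


def start_listener(host: str = "127.0.0.1") -> Tuple[socket.socket, int]:
    """Bind a throwaway listener on an ephemeral port to act as the rogue service."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(128)
    return srv, srv.getsockname()[1]


if __name__ == "__main__":
    srv, rogue = start_listener()
    try:
        # Scan a small window around the rogue port; widen to range(1, 65536)
        # for the two full sweeps described above.
        found = connect_scan("127.0.0.1", range(rogue - 5, rogue + 5))
        for port, cls, name in report(found):
            print(f"{port:5d}/tcp open  {cls:20s} {name}")
    finally:
        srv.close()
```

An ephemeral listener always lands in the high range and has no registered name, which is exactly the "rogue or unregistered service" case the second sweep exists to catch; a real engagement would follow each such hit with banner grabbing to identify what is actually listening.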


The information that the port scan makes available would then be examined. This information allows



Network Penetration Methods
