Host discovery techniques are used to find the active (live) hosts in a network. As an ethical hacker, you must be aware of the various types.
This article is divided into two parts; see Part 1 for the first part.
ICMP ECHO Ping Scan
An ICMP ECHO ping scan sends an ICMP ECHO request to a host. If the host is up and running, it responds with an ICMP ECHO reply. This scan is useful for detecting active devices and for determining whether ICMP packets are allowed through a firewall.
ICMP echo scanning applies to Linux-based machines: the TCP/IP stack implementations in these OSs reply to ICMP echo requests sent to broadcast addresses, whereas Windows-based machines do not respond to them.
In nmap, the -PE option performs the ICMP ECHO ping scan.
ICMP ECHO Ping Sweep
A ping sweep sends ICMP ECHO requests to many hosts to determine which hosts in a range of IP addresses are live. A live host responds with an ICMP ECHO reply. Attackers use a ping sweep to build a list of active systems in the subnet.
A ping delivers a single packet across the network to a specific IP address; the sender then waits (listens) for a return packet. A ping also records the time the packet takes to complete its journey, known as the "round-trip time".
TOOLS
Ping sweep tools determine the live hosts on the target network by issuing several ICMP ECHO requests to different hosts on the network at the same time.
Ping Sweep Countermeasures
- Configure firewalls to detect and block ping sweep attempts immediately.
- Use intrusion detection and prevention systems such as Snort to detect and stop ping sweep attempts.
- Closely examine the types of ICMP traffic passing through the company's networks.
- Any host that sends out more than 10 ICMP ECHO requests should have its connections cut off.
- Use DMZs and restrict ICMP message types such as TIME EXCEEDED, HOST UNREACHABLE, and ICMP ECHO_REPLY.
- Use Access Control Lists (ACLs) to restrict ICMP traffic, permitting it only from specific IP addresses, such as those of ISPs.
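The countermeasures above assume that ping sweeps can be recognised in firewall or IDS logs. The following Python is an added example, not code from the original article, that shows one way to do this: it reads constructed log lines in a made-up "timestamp PROTO src= dst= type= code=" format (the regex is an assumption and would need adapting to a real firewall's format) and flags any source that sends ICMP discovery requests to more than a threshold of distinct destinations. It generalises slightly beyond the ECHO sweep by also counting timestamp (13) and address mask (17) requests, the other two probe types covered in this article.

```python
import re
from collections import defaultdict

# Constructed sample lines (not real logs).  10.0.0.5 probes twelve distinct
# hosts, which is a sweep; 10.0.0.9 probes two, which is normal; a reply line
# (type=0) and a TCP line are included to show that they are ignored.
SAMPLE_LOG = [
    f"2024-01-01T10:00:{i:02d} ICMP src=10.0.0.5 dst=192.168.1.{i} type=8 code=0"
    for i in range(1, 13)
] + [
    "2024-01-01T10:00:20 ICMP src=10.0.0.9 dst=192.168.1.1 type=8 code=0",
    "2024-01-01T10:00:20 ICMP src=10.0.0.9 dst=192.168.1.2 type=8 code=0",
    "2024-01-01T10:00:21 ICMP src=192.168.1.1 dst=10.0.0.9 type=0 code=0",
    "2024-01-01T10:00:22 TCP src=10.0.0.9 dst=192.168.1.3 sport=4444 dport=80",
]

# Assumed log format; a real firewall (iptables, pf, ...) needs its own pattern.
LOG_RE = re.compile(
    r"^(?P<ts>\S+) ICMP src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) "
    r"type=(?P<type>\d+) code=(?P<code>\d+)$"
)

# ICMP request types used for host discovery: echo (8), timestamp (13),
# address mask (17).  The matching replies (0, 14, 18) are not counted.
DISCOVERY_REQUESTS = frozenset({8, 13, 17})


def parse_icmp_lines(lines):
    """Yield (src, dst, icmp_type) for every line matching LOG_RE; skip the rest."""
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m:
            yield m["src"], m["dst"], int(m["type"])


def detect_ping_sweeps(lines, threshold=10, request_types=DISCOVERY_REQUESTS):
    """Return {src: sorted list of dst} for every source that sent discovery
    requests to more than `threshold` distinct destinations.

    Distinct destinations, rather than the raw request count, separate a sweep
    from a host that repeatedly pings one server.  The default of 10 mirrors the
    article's countermeasure; tune it to the network's normal ICMP volume."""
    targets = defaultdict(set)
    for src, dst, icmp_type in parse_icmp_lines(lines):
        if icmp_type in request_types:
            targets[src].add(dst)
    return {src: sorted(dsts) for src, dsts in targets.items() if len(dsts) > threshold}


if __name__ == "__main__":
    for src, dsts in detect_ping_sweeps(SAMPLE_LOG).items():
        print(f"possible ping sweep from {src}: {len(dsts)} hosts probed")
```

Run against the constructed lines, only 10.0.0.5 is reported; lowering the threshold to 1 also reports 10.0.0.9, which is the kind of false positive a too-aggressive threshold produces on a normal network.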
ICMP Timestamp Ping Scan
The ICMP timestamp ping is an optional, additional type of ICMP ping in which an attacker sends a timestamp request to obtain the target host's current time. For every timestamp request received, the target replies with a timestamp reply. The target's response is conditional, however: depending on how the administrator has configured it, the target may or may not respond with the time value.
In nmap, the -PP option performs the ICMP timestamp ping scan.
ICMP Address Mask Ping Scan
The ICMP address mask ping is another alternative to the conventional ICMP ECHO ping. The attacker sends an ICMP address mask request to the target host to obtain its subnet mask. Depending on how the target is configured, it may or may not respond with the correct subnet mask value.
In nmap, the -PM option performs the ICMP address mask ping scan.
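To make the three probe types concrete, the following Python is an added example (not code from the original article) that builds and parses the ICMP request/reply pairs discussed in the ECHO, timestamp and address mask sections above: types 8/0, 13/14 and 17/18, with the RFC 792 checksum. It also models the conditional behaviour the article notes: a host answers only the request types its administrator has allowed. All packets are constructed in memory and nothing is sent; the identifier, timestamp and mask values are made up for the example.

```python
import struct
from typing import Optional

ECHO_REQUEST, ECHO_REPLY = 8, 0
TIMESTAMP_REQUEST, TIMESTAMP_REPLY = 13, 14
ADDRESS_MASK_REQUEST, ADDRESS_MASK_REPLY = 17, 18
REPLY_TYPE = {ECHO_REQUEST: ECHO_REPLY,
              TIMESTAMP_REQUEST: TIMESTAMP_REPLY,
              ADDRESS_MASK_REQUEST: ADDRESS_MASK_REPLY}
ALL_REQUESTS = frozenset(REPLY_TYPE)


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's complement of the one's-complement sum of the
    16-bit words; an odd trailing byte is padded with a zero byte."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_icmp(icmp_type: int, ident: int, seq: int, body: bytes = b"") -> bytes:
    """Header is type, code 0, checksum, identifier, sequence; then the body."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = icmp_checksum(header + body)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + body


def is_valid_icmp(packet: bytes) -> bool:
    """A packet with a correct checksum sums to zero over its whole length."""
    return len(packet) >= 8 and icmp_checksum(packet) == 0


def parse_icmp(packet: bytes) -> dict:
    """Decode an ICMP message; raise ValueError on a short packet or bad checksum."""
    if not is_valid_icmp(packet):
        raise ValueError("short packet or bad ICMP checksum")
    icmp_type, code, _, ident, seq = struct.unpack("!BBHHH", packet[:8])
    body = packet[8:]
    msg = {"type": icmp_type, "code": code, "id": ident, "seq": seq}
    if icmp_type in (TIMESTAMP_REQUEST, TIMESTAMP_REPLY):
        # three 32-bit fields: originate, receive, transmit (ms since midnight UTC)
        msg["originate"], msg["receive"], msg["transmit"] = struct.unpack("!III", body[:12])
    elif icmp_type in (ADDRESS_MASK_REQUEST, ADDRESS_MASK_REPLY):
        msg["mask"] = ".".join(str(b) for b in body[:4])
    else:
        msg["payload"] = body
    return msg


def make_request(icmp_type: int, ident: int = 0x1234, seq: int = 1) -> bytes:
    """Request as a prober sends it: echo carries a payload, timestamp carries
    only the originate time, address mask carries an all-zero mask."""
    if icmp_type == ECHO_REQUEST:
        body = b"host-discovery"
    elif icmp_type == TIMESTAMP_REQUEST:
        body = struct.pack("!III", 43_200_000, 0, 0)   # constructed: 12:00:00 UTC
    elif icmp_type == ADDRESS_MASK_REQUEST:
        body = bytes(4)
    else:
        raise ValueError(f"not a request type: {icmp_type}")
    return build_icmp(icmp_type, ident, seq, body)


def make_reply(request: bytes, answer=ALL_REQUESTS,
               now_ms: int = 43_200_005, mask: str = "255.255.255.0") -> Optional[bytes]:
    """Reply a host would send, or None when `answer` (the administrator's
    policy) does not include the request type.  now_ms and mask are constructed
    values standing in for the host's clock and configured subnet mask."""
    req = parse_icmp(request)
    if req["type"] not in answer or req["type"] not in REPLY_TYPE:
        return None
    reply_type = REPLY_TYPE[req["type"]]
    if reply_type == ECHO_REPLY:
        body = req["payload"]                       # echo returns the payload
    elif reply_type == TIMESTAMP_REPLY:
        body = struct.pack("!III", req["originate"], now_ms, now_ms)
    else:
        body = bytes(int(o) for o in mask.split("."))
    return build_icmp(reply_type, req["id"], req["seq"], body)


if __name__ == "__main__":
    strict = frozenset({ECHO_REQUEST})          # host that answers echo only
    for t in (ECHO_REQUEST, TIMESTAMP_REQUEST, ADDRESS_MASK_REQUEST):
        rep = make_reply(make_request(t), answer=strict)
        print(t, "->", parse_icmp(rep) if rep else "no reply")
```

The `answer` set is where the article's "conditional" response lives: with the default policy every probe is answered, while a host restricted to echo only returns nothing for timestamp and address mask requests, so a scanner using -PP or -PM gets no evidence that the host is up.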
We hope this helps. If you have any suggestions or doubts you can
add a comment and we will reply as soon as possible.