
Bluffing Network Scan Tools

What you see may not be what you get

24 November 2015, 22:34, by Emeric Nasi

Note: Pentesting / network security basics are recommended to understand this paper.

I Introduction.

I have often seen tutorials, and even professional pentesters, rely too much, if not exclusively, on automatic
scanning tools. It may be due to lack of knowledge, or more often to lack of available time.
Obviously, when you have five working days to complete a full corporate pentest, you can only do your best,
and it won't be perfect!
Anyway, I just wanted to write a little something to remind you that the results of automatic tools are always
an interpretation of incoming data. Tools expect a certain behaviour from systems and make assumptions
accordingly. If you do not know this, you may be fooled by false positives or, worse, lose your valuable

Just a quick example: when you successfully ping a machine, you assume it is alive. But in fact it only
means you received an ICMP Echo Reply packet in answer to the ICMP Echo Request you sent. That echo
reply could have been sent by a machine other than the one you targeted; it can be part of a tarpit strategy!
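To make the ping remark concrete, here is an added example (not code from the original article or its author) written as pure packet logic so it runs offline without raw sockets. It builds the IPv4/ICMP bytes a ping tool sends, shows what a tarpit-style responder does with them (answer on behalf of an address nobody owns, using that address as source), and then applies the interpretation a naive ping sweep makes to the forged reply. The addresses, identifier, sequence number and payload are constructed for illustration; the `tarpit_reply` and `naive_host_is_up` names are this example's own.

```python
"""Added example (not from the original article): tarpit-style ICMP echo forgery,
shown as pure packet logic so it runs offline without raw sockets.

A scanner only sees bytes. If another host crafts an Echo Reply whose IP source
is the probed address, the scanner's "host is up" verdict rests on that forgery.
Addresses and packet contents below are constructed for illustration.
"""
import socket
import struct


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words (0 when verifying)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_icmp(src: str, dst: str, icmp_type: int, ident: int, seq: int,
                    payload: bytes, ttl: int = 64) -> bytes:
    """Build a minimal IPv4 packet carrying an ICMP echo request (8) or reply (0)."""
    icmp = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq) + payload
    icmp = icmp[:2] + struct.pack("!H", inet_checksum(icmp)) + icmp[4:]
    total_len = 20 + len(icmp)
    # version/IHL, TOS, total length, id, flags/frag, TTL, proto (1 = ICMP), checksum, src, dst
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, 0, ttl, 1, 0,
                      socket.inet_aton(src), socket.inet_aton(dst))
    hdr = hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]
    return hdr + icmp


def parse_ipv4_icmp(packet: bytes) -> dict:
    """Parse the fields a ping tool actually looks at; verify both checksums."""
    ihl = (packet[0] & 0x0F) * 4
    hdr = packet[:ihl]
    if inet_checksum(hdr) != 0:
        raise ValueError("bad IP checksum")
    ttl, proto = hdr[8], hdr[9]
    if proto != 1:
        raise ValueError("not ICMP")
    icmp = packet[ihl:]
    if inet_checksum(icmp) != 0:
        raise ValueError("bad ICMP checksum")
    icmp_type, _code, _csum, ident, seq = struct.unpack("!BBHHH", icmp[:8])
    return {"src": socket.inet_ntoa(hdr[12:16]), "dst": socket.inet_ntoa(hdr[16:20]),
            "ttl": ttl, "type": icmp_type, "id": ident, "seq": seq, "payload": icmp[8:]}


def tarpit_reply(request: bytes) -> bytes:
    """What a tarpit does: answer *any* echo request, claiming to be the probed address.
    The reply goes back to the prober with the target's IP as source, so from the
    packet alone the prober cannot tell that the target never existed."""
    req = parse_ipv4_icmp(request)
    if req["type"] != 8:
        raise ValueError("not an echo request")
    return build_ipv4_icmp(src=req["dst"], dst=req["src"], icmp_type=0,
                           ident=req["id"], seq=req["seq"], payload=req["payload"])


def naive_host_is_up(reply: bytes, probed_ip: str, ident: int, seq: int) -> bool:
    """The interpretation a typical ping sweep makes: a well-formed Echo Reply whose
    source is the probed address and whose id/seq match ours means the host is alive."""
    try:
        r = parse_ipv4_icmp(reply)
    except ValueError:
        return False
    return (r["type"] == 0 and r["src"] == probed_ip
            and r["id"] == ident and r["seq"] == seq)


# Constructed scenario: 10.0.0.1 pings 10.0.0.50, an address nobody owns.
# A tarpit box on that segment sees the request and answers on 10.0.0.50's behalf.
PROBER, DEAD_TARGET = "10.0.0.1", "10.0.0.50"
REQUEST = build_ipv4_icmp(PROBER, DEAD_TARGET, 8, ident=0xBEEF, seq=1, payload=b"abcdefgh")
FORGED_REPLY = tarpit_reply(REQUEST)

if __name__ == "__main__":
    print("scanner verdict for", DEAD_TARGET, ":", naive_host_is_up(FORGED_REPLY, DEAD_TARGET, 0xBEEF, 1))
    print("reply as the scanner parses it:", parse_ipv4_icmp(FORGED_REPLY))
```

Both checksums validate and every field the sweep compares matches, so the verdict is "up" for an address that has no host. The only hints left to the prober are side channels such as the reply's TTL and timing, and a deliberate tarpit can tune those as well; the lesson is that a liveness verdict should be cross-checked with a second, independent observation (for example an ARP reply on the local segment, or a TCP-level exchange) before you spend engagement time on the host.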
Now let’s focus on some major features of security scan tools:

  • OS fingerprinting
  • Port Scanning
  • Banner grabbing.

If you wish to read more about this, the full document can be downloaded in PDF format:

PDF - 772.4 kb
