Stealth scanning strategies
The greatest risk of active reconnaissance is the discovery by the target. Using the tester's time and data stamps, the source IP address, and additional information, the target can identify the source of the incoming reconnaissance. Therefore, stealth techniques are employed to minimize the chances of detection.
When employing stealth to support reconnaissance, a tester mimicking the actions of a hacker will do the following:
- Camouflage tool signatures to avoid detection and triggering an alarm
- Hide the attack within legitimate traffic
- Modify the attack to hide the source and type of traffic
- Make the attack invisible using nonstandard traffic types or encryption
Stealth scanning techniques can include some or all of the following:
- Adjusting source IP stack and tool identification settings
- Modifying packet parameters (
nmap
) - Using proxies with anonymity networks (ProxyChains and the Tor network)
Adjusting source IP stack and tool identification settings
Before the penetration...