Identifying the external network infrastructure
Once the tester’s identity is protected, identifying the devices on the internet-accessible portion of the network is the next critical step in scanning a network. Attackers and penetration testers use this information to do the following:
- Identify devices that may confuse (load balancers) or eliminate (firewalls and packet inspection devices) test results
- Identify devices with known vulnerabilities
- Identify the requirement for continuing to implement stealthy scans
- Gain an understanding of the target’s focus on secure architecture and security in general
traceroute provides basic information on packet filtering abilities; some other applications on Kali include the following:
- lbd: Uses two techniques, one DNS-based and one HTTP-based, to detect load balancers (shown in Figure 3.16)
- Nmap: Detects devices and determines their operating systems and versions
- Shodan: Web-based search...
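To make the two lbd techniques concrete, here is an added example (not code from the book or from lbd itself) that applies the same reasoning to constructed DNS answers and HTTP response headers, as a defender reviewing what an external scan reveals about their own edge might: several distinct A records or rotating answer order points to DNS-based balancing, and headers that should be constant for one server (Server, Set-Cookie) but vary between requests point to HTTP-based balancing. The sample names and addresses are assumptions, so the check runs offline.

```python
"""Model of the DNS and HTTP load-balancer checks that lbd performs.
Inputs are constructed samples; in practice they would come from repeated
resolver lookups and HTTP requests against a host you are authorised to assess."""
from collections import Counter

# Constructed DNS answers: two lookups of the same name (RFC 5737 test range).
DNS_SAMPLES = [
    ["203.0.113.10", "203.0.113.11"],
    ["203.0.113.11", "203.0.113.10"],
]

# Constructed HTTP response headers from three requests to the same URL.
HTTP_SAMPLES = [
    {"Server": "nginx/1.18.0", "Date": "Mon, 01 Jan 2024 10:00:00 GMT", "Set-Cookie": "SRV=web1"},
    {"Server": "nginx/1.18.0", "Date": "Mon, 01 Jan 2024 10:00:01 GMT", "Set-Cookie": "SRV=web2"},
    {"Server": "Apache",       "Date": "Mon, 01 Jan 2024 10:00:02 GMT", "Set-Cookie": "SRV=web1"},
]


def dns_load_balanced(answers):
    """DNS technique: more than one distinct A record, or an answer order that
    changes between lookups (round-robin), suggests a balanced front end."""
    distinct = {ip for answer in answers for ip in answer}
    orders = {tuple(answer) for answer in answers}
    return len(distinct) > 1 or len(orders) > 1


def http_load_balanced(headers, ignore=("Date",)):
    """HTTP technique: report headers whose value differs across responses.
    Date is ignored because it changes legitimately on a single server.
    Returns {header: {value: count}} for every varying header."""
    names = set().union(*(h.keys() for h in headers))
    varying = {}
    for name in sorted(names - set(ignore)):
        values = Counter(h.get(name) for h in headers)
        if len(values) > 1:
            varying[name] = dict(values)
    return varying


def assess(dns_answers, http_headers):
    """Combine both techniques into one verdict, as lbd's summary does."""
    http_hits = http_load_balanced(http_headers)
    return {"dns": dns_load_balanced(dns_answers), "http": bool(http_hits),
            "http_evidence": http_hits}


if __name__ == "__main__":
    print(assess(DNS_SAMPLES, HTTP_SAMPLES))
```

A single-origin host with one A record and consistent Server and Set-Cookie values yields no hits on either technique, which is the baseline to compare against when a load balancer is suspected.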