Check for Live Systems: A ping scan checks for live systems by sending ICMP echo request packets. If a system is alive, it responds with an ICMP echo reply packet, which carries details such as the TTL and packet size.
Check for Open Ports: Port scanning finds open ports, the services running on them, their versions, etc. Nmap is the most widely used tool for this purpose.
There are various types of scan:
Connect scan: Identifies open ports by establishing a TCP handshake with the target.
Nmap command: nmap -sT -v -p- <TargetIP>
Half-open scan, otherwise known as a stealth scan: scans the target stealthily by not completing the TCP handshake; the scanner abruptly resets the connection instead of finishing it.
XMAS scan: This is also called inverse TCP scanning. It works by sending packets with the PSH, URG and FIN flags set. The target does not respond if the port is open and sends a reset (RST) if the port is closed.
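The scan types above each leave a recognisable pattern on the wire, which is what an IDS rule set keys on (see the countermeasures at the end of this page). The following is an added example, not code from the original page: it runs the per-source counting a simple detector would do over a constructed packet log, flagging a ping sweep (one source sending ICMP echo requests to many hosts), a SYN/half-open or connect scan (one source touching many ports in a short window) and an XMAS probe (FIN, PSH and URG set together, a combination no normal TCP session produces). The log format, thresholds and all addresses are constructed for this example.

```python
"""Detect ping sweeps, SYN/connect scans and XMAS probes in a constructed packet log."""
from collections import defaultdict

# Constructed log, one packet per line:
# "<time> <proto> <src> <dst> <dport or -> <tcp flags joined by + | icmp type>"
SAMPLE_LOG = """\
0.00 icmp 10.0.0.8 10.0.0.1 - 8
0.01 icmp 10.0.0.8 10.0.0.2 - 8
0.02 icmp 10.0.0.8 10.0.0.3 - 8
0.03 icmp 10.0.0.8 10.0.0.4 - 8
0.04 icmp 10.0.0.8 10.0.0.5 - 8
1.00 tcp 10.0.0.9 10.0.0.5 21 SYN
1.01 tcp 10.0.0.9 10.0.0.5 22 SYN
1.02 tcp 10.0.0.9 10.0.0.5 23 SYN
1.03 tcp 10.0.0.9 10.0.0.5 25 SYN
1.04 tcp 10.0.0.9 10.0.0.5 80 SYN
1.05 tcp 10.0.0.9 10.0.0.5 443 SYN
2.00 tcp 10.0.0.7 10.0.0.5 80 FIN+PSH+URG
3.00 tcp 10.0.0.20 10.0.0.5 443 SYN
3.05 tcp 10.0.0.20 10.0.0.5 443 ACK
3.06 tcp 10.0.0.20 10.0.0.5 443 PSH+ACK
"""


def parse_line(line):
    """Turn one constructed log line into a packet record."""
    t, proto, src, dst, dport, flags = line.split()
    return {"t": float(t), "proto": proto, "src": src, "dst": dst,
            "dport": None if dport == "-" else int(dport), "flags": flags}


def classify(event):
    """Label one packet by the probe technique its flags suggest."""
    if event["proto"] == "icmp":
        return "icmp_echo" if event["flags"] == "8" else "normal"   # type 8 = echo request
    flags = set(event["flags"].split("+"))
    if flags == {"FIN", "PSH", "URG"}:
        return "xmas_probe"          # inverse TCP scan signature, never legitimate
    if "SYN" in flags and "ACK" not in flags:
        return "syn_probe"           # handshake start: a connection or a scan probe
    return "normal"


def _recent(hits, t, key, window):
    """Record key at time t, drop entries older than the window, return the distinct keys."""
    hits.append((t, key))
    while hits and hits[0][0] < t - window:
        hits.pop(0)
    return {k for _, k in hits}


def detect_scans(log_text, port_threshold=5, host_threshold=5, window=2.0):
    """Return one finding per (source, scan kind) seen in the log."""
    events = sorted((parse_line(ln) for ln in log_text.splitlines() if ln.strip()),
                    key=lambda e: e["t"])
    syn_hits, echo_hits = defaultdict(list), defaultdict(list)
    findings, seen = [], set()

    def report(src, kind, detail):
        if (src, kind) not in seen:          # report each source/kind pair once
            seen.add((src, kind))
            findings.append({"src": src, "kind": kind, "detail": detail})

    for e in events:
        label = classify(e)
        if label == "xmas_probe":
            report(e["src"], "xmas_scan", f"probe to {e['dst']}:{e['dport']}")
        elif label == "syn_probe":
            ports = _recent(syn_hits[e["src"]], e["t"], (e["dst"], e["dport"]), window)
            if len(ports) >= port_threshold:
                report(e["src"], "port_scan", f"{len(ports)} ports within {window}s")
        elif label == "icmp_echo":
            hosts = _recent(echo_hits[e["src"]], e["t"], e["dst"], window)
            if len(hosts) >= host_threshold:
                report(e["src"], "ping_sweep", f"{len(hosts)} hosts within {window}s")
    return findings


if __name__ == "__main__":
    for f in detect_scans(SAMPLE_LOG):
        print(f"{f['src']:10} {f['kind']:11} {f['detail']}")
```

The normal client 10.0.0.20 sends a single SYN and then completes the handshake, so it never reaches the port threshold; a connect scan and a half-open scan look identical here because both start with a burst of SYNs to many ports, which is why the detector counts distinct ports per source rather than inspecting how each handshake ends.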
Banner grabbing is the process of collecting information such as operating system details and the name and version number of the running service.
Vulnerability scanning is mainly done with automated tools. These scanners probe the target for vulnerabilities or weaknesses in the target organization that attackers could exploit. Vulnerabilities include application vulnerabilities, configuration vulnerabilities, network vulnerabilities, operating system vulnerabilities, etc.
Examples include an operating system that is not updated, default passwords in use, plaintext protocols in use, vulnerable protocols running, etc.
Tools: Nessus, Acunetix
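A banner only becomes useful once its product and version are parsed out and compared with a policy, which is what the scanners above do at scale. The following is an added example, not code from the original page or from any of the tools named: a parser for three common banner formats (SSH identification string, HTTP Server header, FTP/SMTP 220 greeting) feeding two of the checks the text lists, an outdated service version and a plaintext protocol on a well-known port. The hosts, banners and minimum-version table are constructed for this example; the version thresholds are placeholder policy values, not statements about any real vulnerability.

```python
"""Parse service banners and check them against a constructed security policy."""
import re

# (host, port, banner) as a banner-grabbing pass would have collected them: constructed.
SAMPLE_BANNERS = [
    ("10.0.0.5", 22, "SSH-2.0-OpenSSH_7.4"),
    ("10.0.0.5", 21, "220 (vsFTPd 3.0.3)"),
    ("10.0.0.5", 80, "HTTP/1.1 200 OK\r\nServer: Apache/2.4.29 (Ubuntu)\r\n\r\n"),
    ("10.0.0.6", 25, "220 mail.example.test ESMTP Postfix"),
    ("10.0.0.6", 23, ""),                      # telnet answered but sent no readable banner
]

# Placeholder policy: minimum acceptable version per product (constructed, not real advisories).
MIN_VERSION = {"OpenSSH": "8.0", "Apache": "2.4.29", "vsFTPd": "3.0.3"}

# Well-known ports whose protocols carry credentials and data unencrypted.
PLAINTEXT_PORTS = {21: "ftp", 23: "telnet", 110: "pop3", 143: "imap"}

# Ordered banner patterns; each yields (product, version) with version possibly empty.
BANNER_PATTERNS = [
    # SSH identification string, e.g. "SSH-2.0-OpenSSH_7.4"
    re.compile(r"^SSH-[\d.]+-([A-Za-z]+)[_-](\d+(?:\.\d+)*)"),
    # HTTP Server header anywhere in the response, e.g. "Server: Apache/2.4.29 (Ubuntu)"
    re.compile(r"^Server:\s*([A-Za-z][\w-]*)/(\d+(?:\.\d+)*)", re.M),
    # "<product> <version>" inside an FTP/SMTP 220 greeting, e.g. "220 (vsFTPd 3.0.3)"
    re.compile(r"^220[ -].*?([A-Za-z][A-Za-z-]+)[ /_]+v?(\d+(?:\.\d+)*)"),
    # Known product named in a 220 greeting with no version at all
    re.compile(r"^220[ -].*?\b(Postfix|Exim|Sendmail|vsFTPd|ProFTPD)\b()"),
]


def parse_banner(banner):
    """Return (product, version) from a banner, or ("unknown", None) if nothing matched."""
    for pattern in BANNER_PATTERNS:
        m = pattern.search(banner)
        if m:
            return m.group(1), (m.group(2) or None)
    return "unknown", None


def version_key(version):
    """Comparable tuple from the leading dotted-numeric part of a version string."""
    return tuple(int(x) for x in re.match(r"\d+(?:\.\d+)*", version).group().split("."))


def audit(banners, min_version):
    """Return (host, port, message) findings for outdated versions and plaintext services."""
    findings = []
    for host, port, banner in banners:
        product, version = parse_banner(banner)
        if port in PLAINTEXT_PORTS:
            findings.append((host, port, f"plaintext protocol {PLAINTEXT_PORTS[port]} exposed"))
        if (product in min_version and version
                and version_key(version) < version_key(min_version[product])):
            findings.append((host, port,
                             f"outdated {product} {version}, policy minimum {min_version[product]}"))
    return findings


if __name__ == "__main__":
    for host, port, message in audit(SAMPLE_BANNERS, MIN_VERSION):
        print(f"{host}:{port:<5} {message}")
```

Note that the Postfix host reports no version, so the version check cannot run on it; a scanner treats an undisclosed version as "unknown" rather than "safe", and the defender's fix is to confirm the package version on the host itself.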
Draw Network Diagrams
With the information gathered, the attacker can draw a network diagram, which gives him information about the network and architecture of the target organization and helps him identify targets easily.
Tools: Network View, OpManager, etc.
Proxies can be used to maintain the attacker's anonymity by masking the IP address. Since a proxy acts as an intermediary between client and server, it can capture information passing through it, and the attacker can access resources remotely through the proxy.
E.g.: Tor Browser, onion sites, Proxify, Psiphon, etc.
Configure IDS and firewall to block probes.
Keep firewall, router and IDS firmware updated.
Run port scanners against your own systems to verify their security.
Add rules in firewall restricting access to ports.
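Running a port scanner against your own systems and adding firewall rules for what it finds go together: the scan result has to be compared with what each host is supposed to expose. The following is an added example, not code from the original page or from the Nmap project: it parses the grepable output that nmap writes with -oG, lists open ports that a per-host allowed-port policy does not permit, and prints one nftables drop rule per finding. The scan output, hosts and policy are constructed for this example; the generated rules assume an existing "inet filter" table with an "input" chain, which is an assumption to adjust to the local ruleset.

```python
"""Compare nmap -oG (grepable) output against a per-host allowed-port policy."""

# Constructed nmap -oG output for two hosts, with the tab-separated fields nmap writes.
SAMPLE_GNMAP = (
    "# Nmap scan initiated (constructed sample) as: nmap -sT -p- -oG scan.gnmap 10.0.0.5-6\n"
    "Host: 10.0.0.5 ()\tStatus: Up\n"
    "Host: 10.0.0.5 ()\tPorts: 22/open/tcp//ssh//OpenSSH 7.4 (protocol 2.0)/, "
    "80/open/tcp//http//Apache httpd 2.4.29/, 3306/open/tcp//mysql//MySQL 5.7/, "
    "23/open/tcp//telnet///\tIgnored State: closed (65531)\n"
    "Host: 10.0.0.6 ()\tStatus: Up\n"
    "Host: 10.0.0.6 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.2/, "
    "25/filtered/tcp//smtp///\tIgnored State: closed (65533)\n"
    "# Nmap done (constructed sample)\n"
)

# Constructed policy: the ports each host is supposed to expose; any other open port is a finding.
ALLOWED = {"10.0.0.5": {22, 80}, "10.0.0.6": {22, 25}}


def parse_gnmap(text):
    """Return one dict per port entry found in nmap grepable output."""
    entries = []
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue                                   # comments and blank lines
        # Each tab-separated field is "Label: value"; only lines with a Ports field matter.
        fields = dict(f.split(": ", 1) for f in line.split("\t") if ": " in f)
        if "Ports" not in fields:
            continue                                   # "Status: Up" lines carry no ports
        host = fields["Host"].split()[0]               # "10.0.0.5 ()" -> "10.0.0.5"
        for item in fields["Ports"].split(","):
            # nmap's entry layout: port/state/protocol/owner/service/rpc-info/version/
            port, state, proto, _owner, service, _rpc, version = item.strip().split("/")[:7]
            entries.append({"host": host, "port": int(port), "proto": proto,
                            "state": state, "service": service, "version": version})
    return entries


def exposed_ports(entries, allowed):
    """Open ports the policy does not permit, ordered by host and port."""
    return sorted((e for e in entries
                   if e["state"] == "open" and e["port"] not in allowed.get(e["host"], set())),
                  key=lambda e: (e["host"], e["port"]))


def suggest_rules(violations):
    """One nftables drop rule per unexpected open port (assumes table inet filter, chain input)."""
    return [f"nft add rule inet filter input ip daddr {e['host']} {e['proto']} dport {e['port']} drop"
            for e in violations]


if __name__ == "__main__":
    violations = exposed_ports(parse_gnmap(SAMPLE_GNMAP), ALLOWED)
    for entry, rule in zip(violations, suggest_rules(violations)):
        print(f"{entry['host']}:{entry['port']} {entry['service']} {entry['version']}".rstrip())
        print("   ", rule)
```

The per-port drop rules are the immediate patch; the durable form of the same countermeasure is a default-deny input policy with explicit accept rules for the allowed set, so that a service started later is blocked until someone deliberately opens its port. The filtered SMTP port on 10.0.0.6 is not reported because the firewall is already doing its job there.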