movies b grade...

movies

clickhere....

Thursday, March 31, 2011

What is Footprinting, Fingerprinting Enumeration & SNMP Enumeration ?? what are the various Attack Methods | Softwares and tools

Defining Footprinting
  • Footprinting is the blueprinting of the security profile of an organization, undertaken in a methodological manner.
  • Footprinting is one of the three pre-attack phases. The others are scanning and enumeration.
  • Footprinting results in a unique organization profile with respect to networks (Internet / Intranet / Extranet / Wireless) and systems involved.
For Full Article VISIT HERE

Footprinting - Attack Methods

The attacker may choose to source the information from:
  • A web page (save it offline, e.g. using offline browser such as Teleport pro
  • Yahoo or other directories. (Tifny is a comprehensive search tool for USENET newsgroups.
  • Multiple search engines (All-in-One, Dogpile), groups.google.com is a great resource for searching large numbers of news group archives without having to use a tool.
  • Using advanced search (e.g. AltaVista),
  • Search on publicly trade companies (e.g. EDGAR).
  • Dumpster diving (To retrieve documents that have been carelessly disposed)
  • Physical access (False ID, temporary/contract employees, unauthorized access etc)
For Full Article VISIT HERE

Active Stack Fingerprinting: This technique is called OS fingerprinting
  • Fingerprinting is done to determine the remote OS
  • Allows attacker to leave smaller footprint and have greater chance to succeed
  • Based on the fact that various OS vendors implement the TCP stack differently
  • Specially crafted packets sent to remote OS and response is noted. This is compared with a database to determine the OS
For Full Article VISIT HERE

Passive Fingerprinting
  • Passive fingerprinting is also based on the differential implantation of the stack and the various ways an OS responds to it.
  • However, instead of relying on scanning the target host, passive fingerprinting captures packets from the target host and study it for tell tale signs that can reveal the OS.
  • Passive fingerprinting is less accurate than active fingerprinting.
For Full Article VISIT HERE

What is Enumeration ???
  • If acquisition and non intrusive probing have not turned up any results, then an attacker will next turn to identifying valid user accounts or poorly protected resource shares.
  • Enumeration involves active connections to systems and directed queries.
  • The type of information enumerated by intruders:
Network resources and shares
Users and groups
Applications and banners

For Full Article VISIT HERE

To get the list of Enumeration Softwares and Tools VISIT HERE

SNMP Enumeration
  • SNMP is simple. Managers send requests to agents, and the agents send back replies.
  • The requests and replies refer to variables accessible to agent software.
  • Managers can also send requests to set values for certain variables.
For Full Article VISIT HERE

SNMP Enumeration Countermeasures

Countermeasure Do not install the management and monitoring windows component if it is not going to be used. In case it is required ensure that only legally authorized persons have access to it else, it might turn into an obvious backdoor. Edit the Registry to permit only approved access to the SNMP community Name.

For Full Article VISIT HERE

To get the list of Enumeration Softwares and Tools VISIT HERE

No comments:

Post a Comment

Related Posts Plugin for WordPress, Blogger...