Security in Computer Networks

8.7.1 Mapping


In the real world an attack is often preceded by information gathering. Movie gangsters "case the joint"; soldiers scout the area. The purpose is clear: the more one knows about a target before attacking, the less likely one is to be caught and the higher the probability of success. This is also true in the cyberworld. Before attacking a network, attackers would like to know the IP addresses of machines on the network, the operating systems they use, and the services that they offer. With this information, attacks can be more focused and are less likely to cause alarm. The process of gathering this information is known as mapping.
 
A program such as ping can be used to determine the IP addresses of machines on the network by simply observing which addresses respond to a ping message. Port scanning refers to the technique of sequentially contacting port numbers on a machine and seeing what happens in response. These responses, in turn, can be used to determine the services offered by the machine. Nmap is a widely used, open-source utility for network exploration and security auditing that performs port scanning. Many firewalls, such as those sold by Checkpoint, detect mapping and port scanning, as well as other such malicious activity, and report it to the network manager.
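The detection side of that last sentence, as an added example (not from the original text and not any firewall vendor's code): a sliding-window check that flags a source pinging many addresses or contacting many ports on one host. The log tuple format, the thresholds, and the addresses are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Thresholds are assumptions chosen for this example, not values from the text.
WINDOW_S = 10     # sliding window length in seconds
PORT_LIMIT = 5    # distinct TCP ports on one host within the window => port scan
HOST_LIMIT = 4    # distinct hosts pinged within the window => ping sweep

def detect_mapping(events):
    """events: iterable of (ts, src, dst, proto, dport), sorted by ts.
    Returns a sorted list of (kind, src, target) alerts, each reported once."""
    ports = defaultdict(deque)   # (src, dst) -> deque of (ts, dport)
    hosts = defaultdict(deque)   # src -> deque of (ts, dst)
    alerts = set()
    for ts, src, dst, proto, dport in events:
        if proto == "tcp":
            q, item, limit = ports[(src, dst)], (ts, dport), PORT_LIMIT
            alert = ("port_scan", src, dst)
        elif proto == "icmp":
            q, item, limit = hosts[src], (ts, dst), HOST_LIMIT
            alert = ("ping_sweep", src, "*")
        else:
            continue
        q.append(item)
        while q and ts - q[0][0] > WINDOW_S:   # expire observations outside the window
            q.popleft()
        # Count distinct ports (or hosts), so repeated hits on one port do not alert.
        if len({value for _, value in q}) >= limit:
            alerts.add(alert)
    return sorted(alerts)

def sample_events():
    # Constructed sample log using documentation address ranges, not real traffic.
    # One source pings six consecutive addresses, then walks eight ports on one host.
    ev = [(i * 0.5, "198.51.100.7", f"192.0.2.{i + 1}", "icmp", 0) for i in range(6)]
    ev += [(3 + i * 0.2, "198.51.100.7", "192.0.2.3", "tcp", 20 + i) for i in range(8)]
    # A normal client: repeated connections to the same web port, plus a single ping.
    ev += [(1 + i, "203.0.113.9", "192.0.2.3", "tcp", 443) for i in range(8)]
    ev += [(2.0, "203.0.113.9", "192.0.2.3", "icmp", 0)]
    return sorted(ev)

if __name__ == "__main__":
    for alert in detect_mapping(sample_events()):
        print(alert)
```
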