Non-Standard NMAP Scans

The scanner nmap is a network scanning tool that allows for the scanning of a network for host and service discovery. It is used by network administrators, hackers, and security professionals alike to see the underlying hosts and how those hosts respond when sent various network packets. This allows a potential threat actor to enumerate the hosts and services on that network and build what security professionals call the "Attack Surface": discovering the underlying technologies such as service versions, operating systems, usernames, etc., and then researching this data to find an exploit that can be leveraged to gain unauthorized access to that network and use the associated network infrastructure for nefarious purposes.

Learning and using non-standard scanning techniques will help you assess a network's topology, its underlying technologies, and the firewall rules and security posture present in that network.


Overview

The student will perform non-standard NMAP scans on a network to:

  1. Determine open ports.
  2. Determine service versions.
  3. Map firewall rules and signatures.
  4. Determine IDS and WAF (Web Application Firewall) coverage.

Key terms and descriptions

NMAP
Nmap (Network Mapper) is a powerful open-source network scanning and discovery tool used to gather information about hosts and services on a computer network.
SYN Scan
A SYN scan (also known as a half-open scan or a stealth scan) is a type of network scanning technique used by tools like Nmap to determine the open ports on a target host. The SYN scan operates by sending a series of SYN (synchronize) packets to the target's ports and analyzing the responses.
FIN Scan
A FIN scan is a network scanning technique used to identify open ports on a target host by sending specially crafted FIN (finish) packets and analyzing the responses. The FIN scan takes advantage of certain behaviors in the TCP (Transmission Control Protocol) protocol stack to determine the status of ports without completing a full TCP connection handshake.
UDP
UDP is a connectionless protocol commonly used for services that do not require the same level of reliability and overhead as TCP (Transmission Control Protocol).
UDP Scan
A UDP scan is a type of network scanning technique used to identify open UDP (User Datagram Protocol) ports on a target host. UDP scans can help discover services and applications that are listening on UDP ports and might not be easily identified using other scanning methods.
XMAS Scan
An XMAS scan (also known as a Christmas Tree scan) is a network scanning technique used to identify open ports on a target host. This scan gets its name from the pattern of flags set in the TCP header of the packets sent to the target, which resembles the blinking lights of a Christmas tree.
ACK Scan
An ACK scan (Acknowledgment scan) is a type of network scanning technique used to map out firewall rules and filtering policies on a target host or network. Unlike other scan types that focus on identifying open or closed ports, the ACK scan primarily aims to elicit specific responses from a target's firewall.
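The definitions above all come down to one question: which reply (or lack of one) to a given probe leads to which port state. The following is an added example, not code from the page or from the Nmap project; it assumes a small constructed Response model and the functions probe_flags and classify, and it encodes the well-known Nmap interpretation rules for the SYN, FIN, XMAS, NULL, ACK and UDP scan types so you can see why an ACK scan reports "unfiltered"/"filtered" rather than "open"/"closed", and why FIN and XMAS scans can only say "open|filtered".

```python
"""Map probe replies to Nmap-style port states for the scan types defined above.

Added example (not Nmap's own code). The Response model and the sample
observations at the bottom are constructed for illustration.
"""
from dataclasses import dataclass
from typing import Dict, Optional

# TCP flags each probe type sends; XMAS "lights up" FIN, PSH and URG together.
PROBE_FLAGS = {
    "syn": frozenset({"SYN"}),
    "fin": frozenset({"FIN"}),
    "xmas": frozenset({"FIN", "PSH", "URG"}),
    "null": frozenset(),
    "ack": frozenset({"ACK"}),
}

# ICMP type-3 (destination unreachable) codes that Nmap reads as "filtered"
# for TCP probes; for UDP, code 3 (port unreachable) instead means "closed".
TCP_FILTERED_ICMP_CODES = {1, 2, 3, 9, 10, 13}
UDP_FILTERED_ICMP_CODES = {1, 2, 9, 10, 13}


@dataclass(frozen=True)
class Response:
    """One reply to one probe. proto is "tcp", "udp", "icmp", or None (timeout)."""
    proto: Optional[str] = None
    tcp_flags: frozenset = frozenset()   # flags on a TCP reply
    icmp_type: int = 3                   # only meaningful when proto == "icmp"
    icmp_code: int = 3
    udp_payload: bool = False            # a UDP datagram came back (UDP scan)


NO_RESPONSE = Response()


def probe_flags(scan: str) -> frozenset:
    """Return the TCP flag set the given scan type puts on its probe."""
    return PROBE_FLAGS[scan.lower()]


def _icmp_unreachable(resp: Response, codes: set) -> bool:
    return resp.proto == "icmp" and resp.icmp_type == 3 and resp.icmp_code in codes


def classify(scan: str, resp: Response) -> str:
    """Translate a reply into the port state Nmap would report for that scan."""
    scan = scan.lower()
    if scan == "syn":
        # Half-open scan: SYN/ACK means a listener, RST means nothing listening.
        if resp.proto == "tcp" and {"SYN", "ACK"} <= resp.tcp_flags:
            return "open"
        if resp.proto == "tcp" and "RST" in resp.tcp_flags:
            return "closed"
        # ICMP unreachable or silence (after retries) both read as filtered.
        return "filtered"
    if scan in ("fin", "xmas", "null"):
        # RFC 793 says a closed port answers these with RST; an open port stays
        # silent, but so does a dropping firewall, hence the ambiguous verdict.
        if resp.proto == "tcp" and "RST" in resp.tcp_flags:
            return "closed"
        if _icmp_unreachable(resp, TCP_FILTERED_ICMP_CODES):
            return "filtered"
        return "open|filtered"
    if scan == "ack":
        # ACK scan never learns open vs closed: both answer a stray ACK with RST.
        # It only tells you whether a filter swallowed the probe.
        if resp.proto == "tcp" and "RST" in resp.tcp_flags:
            return "unfiltered"
        return "filtered"
    if scan == "udp":
        if resp.proto == "udp" and resp.udp_payload:
            return "open"
        if _icmp_unreachable(resp, {3}):
            return "closed"
        if _icmp_unreachable(resp, UDP_FILTERED_ICMP_CODES):
            return "filtered"
        return "open|filtered"   # silence: either open or filtered
    raise ValueError(f"unknown scan type: {scan}")


def summarize(scan: str, observations: Dict[int, Response]) -> Dict[int, str]:
    """Classify every observed port for one scan type."""
    return {port: classify(scan, resp) for port, resp in sorted(observations.items())}


if __name__ == "__main__":
    # Constructed sample: what one host might send back to an ACK scan.
    sample = {
        22: Response(proto="tcp", tcp_flags=frozenset({"RST"})),
        80: Response(proto="tcp", tcp_flags=frozenset({"RST"})),
        443: NO_RESPONSE,
        3389: Response(proto="icmp", icmp_type=3, icmp_code=13),
    }
    for port, state in summarize("ack", sample).items():
        print(f"{port}/tcp {state}")
```

Run it and the ACK-scan sample reports 22 and 80 as unfiltered but 443 and 3389 as filtered: that split, not any open/closed verdict, is the firewall rule map the overview's third objective refers to. The same table is also what an IDS relies on from the other side; a packet carrying the XMAS or NULL flag set is not something a normal TCP stack emits, which is why those probes are easy to signature.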