Target address range, namespace acquisition, and gathering information are essential to a surgical attack. The key is not to miss any detail.
Open source search
Web interface whois
DNS zone transfer
Bulk target assessment and identification of listening services focus the attacker's attention on the most promising avenues for entry.
TCP/UDP port scan
More intrusive probing now begins as attackers start to identify valid user accounts or poorly protected resource shares.
List of user accounts
List of share files
Enough data has been collected to allow an informed attempt to access the target.
Password eavesdropping
File share brute forcing
Password file grab
Note: the attacker may go straight to DoS attacks after this step, or may continue on down the chain.
If only user-level access has been obtained in the last step, the attacker will now seek to gain complete control over the system.
The information-gathering process begins again to identify access to trusted systems.
Search for clear text passwords
Once total ownership of the target is secured, hiding this fact from the systems administrator becomes paramount.
Create back doors
To ensure that the intruder has privileged access whenever they choose.
Create rogue user accounts
Schedule batch jobs
Infect start up files
Install monitoring systems
Replace apps with Trojans
Denial of service
If the attacker is unsuccessful in gaining access, they may use readily available exploit code to disable the target as a last resort.
Identical src/dst SYN requests
Overlapping fragment/offset bugs
Out of bounds TCP options (OOB)