Active Scanning: Сканирование блоков IP-адресов
Other sub-techniques of Active Scanning (3)
Adversaries may scan victim IP blocks to gather information that can be used during targeting. Public IP addresses may be allocated to organizations by block, or a range of sequential addresses. Adversaries may scan IP blocks in order to Gather Victim Network Information, such as which IP addresses are actively in use as well as more detailed information about hosts assigned these addresses. Scans may range from simple pings (ICMP requests and responses) to more nuanced scans that may reveal host software/versions via server banners or other network artifacts.(Citation: Botnet Scan) Information from these scans may reveal opportunities for other forms of reconnaissance (ex: Search Open Websites/Domains or Search Open Technical Databases), establishing operational resources (ex: Develop Capabilities or Obtain Capabilities), and/or initial access (ex: External Remote Services).
Примеры процедур |
|
Название | Описание |
---|---|
TeamTNT |
TeamTNT has scanned specific lists of target IP addresses.(Citation: Trend Micro TeamTNT) |
Контрмеры |
|
Контрмера | Описание |
---|---|
Pre-compromise |
This category is used for any applicable mitigation activities that apply to techniques occurring before an adversary gains Initial Access, such as Reconnaissance and Resource Development techniques. |
Обнаружение
Monitor for suspicious network traffic that could be indicative of scanning, such as large quantities originating from a single source (especially if the source is known to be associated with an adversary/botnet). Much of this activity may have a very high occurrence and associated false positive rate, as well as potentially taking place outside the visibility of the target organization, making detection difficult for defenders. Detection efforts may be focused on related stages of the adversary lifecycle, such as during Initial Access.
Связанные риски
Риск | Связи | |
---|---|---|
Раскрытие информации об ИТ инфраструктуре из-за
возможности сканирования IP адресов в публичном IP-адресе
Конфиденциальность
Раскрытие информации
|
1
|
|
Раскрытие информации об ИТ инфраструктуре из-за
возможности сканирования IP адресов в локальной сети
Конфиденциальность
Раскрытие информации
|
|
Мы используем cookie-файлы, чтобы получить статистику, которая помогает нам улучшить сервис для вас с целью персонализации сервисов и предложений. Вы может прочитать подробнее о cookie-файлах или изменить настройки браузера. Продолжая пользоваться сайтом, вы даёте согласие на использование ваших cookie-файлов и соглашаетесь с Политикой обработки персональных данных.