This tutorial explains reconnaissance attacks in detail. Learn what reconnaissance attacks are, the types of reconnaissance attacks, how reconnaissance attacks are performed, and how to protect a network from reconnaissance attacks.
What is a reconnaissance attack?
A reconnaissance attack is a type of security attack that an attacker uses to gather all possible information about the target before launching an actual attack. An attacker uses a reconnaissance attack as a preparation tool for an actual attack.
Types of reconnaissance attacks
There are three types of reconnaissance attacks. These are social, public, and software. Let's discuss these types in detail.
Social reconnaissance attacks
In this type of attack, a hacker uses social engineering to gather information about the target. Users share a lot of personal and business information on social networking sites. A hacker can use social networking sites to gather information about the target. For example, if the target is a company, the hacker can use social networking sites to reveal information about the company's employees.
A hacker can use honey trap techniques to lure an employee. Once the employee accepts the friend request of the hacker, the hacker starts the next step. In the next step, the hacker convinces the employee to reveal information about his business. For example, the hacker may provide technical support to the employee on his project. Or the hacker may offer some monetary reward for disclosing information about the company.
To reduce social reconnaissance attacks, a company must train its employees about what information they cannot share with others within and outside the company. Employees should never share sensitive information on any social platform. If an employee shares any confidential information with unknown persons or outside users, the company must take appropriate action against the employee.
Public reconnaissance attacks
In this type of attack, a hacker collects information about the target from public domains. Companies share location and business model information on their websites. A hacker can use this information to determine the location of the target. From this information, a hacker can also determine what kind of infrastructure the target uses. For example, most web hosting companies share information about their servers and security equipment. Companies share this information to attract new customers and gain the trust of existing customers. Hackers can use this information to find vulnerabilities in the company's network.
To mitigate public reconnaissance attacks, companies should not share confidential information on public platforms. If a business requirement calls for sharing information about its infrastructure, the company should share generic information instead of exact hardware information. Generic information fulfills the business requirement, but a hacker can't guess the product information from it. For example, if a company uses the Cisco Firepower 4100 Firewall, it may publish only that it uses a Cisco firewall.
Software reconnaissance attacks
In this type of attack, a hacker uses software tools to gather information about the target. Operating systems and software packages include many tools and utilities for debugging and troubleshooting. A hacker can use them to collect information about the network and its resources. For example, a hacker can use the nslookup command to perform a DNS lookup. The nslookup command resolves an IP address from a fully qualified domain name. Once the hacker knows the domain name of the business, the hacker can use the whois database to reveal detailed information about domain owners, mail servers, contact information, authoritative DNS servers, etc.
In the next step, the hacker can use the ping command. The ping command sends packets to the target host. If the target host is live, the host replies to the packets. Reply packets verify that the target host is live. The following image shows the sample output of the ping command.
In addition to the ping command, the hacker can also use the tracert command. The tracert command prints the path that packets use to reach the destination device. With the help of the ping command and the tracert command, a hacker can create a visual map of the target network. The following image shows an example of the tracert command.
In the next step, the hacker can use port scanners to detect running services on the target host. To scan services, the hacker can use nmap scanner. The following image shows a sample output of the nmap port scanner.
To mitigate software reconnaissance attacks, an administrator can use the following techniques:
- Disable all unused ports on servers
- Use a masking service to hide sensitive information in the whois database
- Use NAT to hide the internal structure of the network
- Use a software or hardware firewall to filter all suspicious traffic
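To filter suspicious traffic, a defender first has to recognize it. The following added example (not part of the original tutorial) scans firewall log lines for the two patterns described above: one source pinging many hosts, and one source probing many ports on a single host. The log format, the addresses, and the thresholds are assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)  # assumed observation window
PORT_LIMIT = 5   # assumed: distinct TCP ports probed on one host
HOST_LIMIT = 3   # assumed: distinct hosts pinged

# Constructed log lines: "<ISO time> <src> <dst> <proto> <dport>"
SAMPLE_LOG = """\
2024-05-01T10:00:00 203.0.113.7 192.0.2.1 icmp -
2024-05-01T10:00:01 203.0.113.7 192.0.2.2 icmp -
2024-05-01T10:00:02 203.0.113.7 192.0.2.3 icmp -
2024-05-01T10:01:10 203.0.113.7 192.0.2.2 tcp 21
2024-05-01T10:01:10 203.0.113.7 192.0.2.2 tcp 22
2024-05-01T10:01:11 203.0.113.7 192.0.2.2 tcp 23
2024-05-01T10:01:11 203.0.113.7 192.0.2.2 tcp 80
2024-05-01T10:01:12 203.0.113.7 192.0.2.2 tcp 443
2024-05-01T10:02:00 198.51.100.20 192.0.2.2 tcp 443
"""

def detect_recon(log):
    """Return sorted (source, finding) pairs for sweep/scan patterns."""
    events = defaultdict(list)  # (src, kind, scope) -> [(time, item)]
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines
        ts, src, dst, proto, dport = parts
        when = datetime.fromisoformat(ts)
        if proto == "icmp":    # many hosts pinged by one source
            events[(src, "ping sweep", "*")].append((when, dst))
        elif proto == "tcp":   # many ports probed on one host
            events[(src, "port scan", dst)].append((when, dport))
    findings = set()
    for (src, kind, _), seen in events.items():
        limit = HOST_LIMIT if kind == "ping sweep" else PORT_LIMIT
        seen.sort()
        start = 0
        for end in range(len(seen)):
            # slide the start forward until the span fits in WINDOW
            while seen[end][0] - seen[start][0] > WINDOW:
                start += 1
            if len({item for _, item in seen[start:end + 1]}) >= limit:
                findings.add((src, kind))
                break
    return sorted(findings)

if __name__ == "__main__":
    for src, kind in detect_recon(SAMPLE_LOG):
        print(f"{src}: possible {kind}")
```

Probes spaced further apart than the window are not flagged, so the window and thresholds need tuning against the normal traffic of the network being monitored.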
That's all for this tutorial. In this tutorial, we discussed what reconnaissance attacks are and how they work in detail.