Monday, January 4, 2010

What is Enumeration (PART 2)???

#If acquisition and non intrusive probing have not turned up any results, then an attacker will next turn to identifying valid user accounts or poorly protected resource shares.
#

Enumeration involves active connections to systems and directed queries.
#

The type of information enumerated by intruders:

    *

      Network resources and shares
    *

      Users and groups
    *

      Applications and banners

      The objective of the attacker will be to identify valid user accounts or groups where he can remain inconspicuous once he has compromised the system. Enumeration involves active connections being made to the target system, or subjecting it to directed queries made to a system. Normally, an alert and secure system will log such attempts. Often the information gathered is what the target might have made public - such as a DNS address. However, it is possible that the attacker stumbles upon a remote IPC share such as the IPC$ in windows, that can be probed with a null session and shares and accounts enumerated.
          Concept     

      On ascertaining the security posture of the target, the attacker can turn this information to this advantage by exploiting some resource sharing protocol or compromising an account. The type of information enumerated by hackers can be loosely grouped into the following categories:
         1.

            Network resources and shares
         2.

            Users and Groups
         3.

            Applications and Banners


            ---

0 comments:

Post a Comment