ThreatReconnaissance enables adversaries to gather information about the target system including network topology, configurations, network dynamics.
This information can be used to identify system vulnerabilities, and to design and execute specific exploits.
Procedure of AttackMost network mapping tools perform their operations by using ICMP packets and TCP or UDP scans.
- ICMP messages are typically used to verify connectivity or reachability of potential targets. TCP and UDP port scans are used to identify running services of a target.
- Replies (RCP RST, silent drop of ICMP unreachable) to scans can also reveal what services are allowed or filtered through transit devices.
- Additionally, the TTL field of IP packets is used to identify the distance between the target and the destination.
 SDN-based solutions for Moving Target Defense Network Protection, by Panos Kampanakis, in WoWMoM14