Conduct active scanning
Active scanning is the act of sending transmissions to end nodes and analyzing the responses in order to identify information about the communications system. [1]
Detection
Detectable by Common Defenses (Yes/No/Partial): Yes
Explanation: Scanning is an expected, high-volume activity for any system exposed to the Internet. The probes that active scanning tools generate are easy to see in firewall, flow and IDS logs, but they are usually treated as benign background noise: a single probe gives the defender nothing actionable to respond to, and the sheer volume makes chasing every source impractical, so the activity is routinely logged and ignored.
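The practical consequence of the point above is that scanning is worth detecting only when it is aggregated: a defender looks for one source touching many ports on one host (a vertical scan) or one port across many hosts (a horizontal scan) inside a short window, rather than investigating probes one at a time. The following is an added example, not code from the original page or from the cited reference; the log format, the sample records and the thresholds are all constructed for illustration.

```python
"""Aggregate connection records per source and flag likely active scanning.

A vertical scan is one source probing many distinct ports on a single host;
a horizontal scan is one source probing a single port across many hosts.
Both are detected with a sliding time window per source address.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample records, "<ISO time> <src> <dst> <dport> <proto>".
# Made up for this example; not taken from any real network.
SAMPLE_LOG = """\
2024-05-01T10:00:00Z 203.0.113.7 198.51.100.10 21 tcp
2024-05-01T10:00:00Z 203.0.113.7 198.51.100.10 22 tcp
2024-05-01T10:00:01Z 203.0.113.7 198.51.100.10 23 tcp
2024-05-01T10:00:01Z 203.0.113.7 198.51.100.10 25 tcp
2024-05-01T10:00:02Z 203.0.113.7 198.51.100.10 80 tcp
2024-05-01T10:00:02Z 203.0.113.7 198.51.100.10 110 tcp
2024-05-01T10:00:03Z 203.0.113.7 198.51.100.10 143 tcp
2024-05-01T10:00:03Z 203.0.113.7 198.51.100.10 443 tcp
2024-05-01T10:00:04Z 203.0.113.7 198.51.100.10 445 tcp
2024-05-01T10:00:04Z 203.0.113.7 198.51.100.10 3389 tcp
2024-05-01T10:00:10Z 192.0.2.50 198.51.100.10 445 tcp
2024-05-01T10:00:10Z 192.0.2.50 198.51.100.11 445 tcp
2024-05-01T10:00:11Z 192.0.2.50 198.51.100.12 445 tcp
2024-05-01T10:00:11Z 192.0.2.50 198.51.100.13 445 tcp
2024-05-01T10:00:12Z 192.0.2.50 198.51.100.14 445 tcp
2024-05-01T10:00:12Z 192.0.2.50 198.51.100.15 445 tcp
2024-05-01T10:00:13Z 192.0.2.50 198.51.100.16 445 tcp
2024-05-01T10:00:13Z 192.0.2.50 198.51.100.17 445 tcp
2024-05-01T10:00:20Z 198.51.100.200 198.51.100.10 443 tcp
2024-05-01T10:00:25Z 198.51.100.200 198.51.100.10 443 tcp
2024-05-01T10:05:00Z 198.51.100.200 198.51.100.11 80 tcp
"""


@dataclass(frozen=True)
class Flow:
    ts: datetime
    src: str
    dst: str
    dport: int
    proto: str


def parse_flows(text):
    """Parse the constructed log format into Flow records; blank and '#' lines are skipped."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, dport, proto = line.split()
        # fromisoformat() does not accept a trailing 'Z' on older Pythons, so spell out UTC.
        flows.append(Flow(datetime.fromisoformat(ts.replace("Z", "+00:00")),
                          src, dst, int(dport), proto))
    return flows


def detect_scans(flows, window=timedelta(seconds=60), port_threshold=8, host_threshold=6):
    """Return {(src, kind, target): peak distinct count} for every source whose
    activity inside any `window` reaches a threshold. kind is "vertical" (target is
    the scanned host) or "horizontal" (target is the scanned port).
    Thresholds are illustrative assumptions and must be tuned per network."""
    by_src = defaultdict(list)
    for f in sorted(flows, key=lambda f: f.ts):
        by_src[f.src].append(f)

    alerts = {}
    for src, recs in by_src.items():
        start = 0
        for end in range(len(recs)):
            # Slide the window start forward until all records fit inside `window`.
            while recs[end].ts - recs[start].ts > window:
                start += 1
            ports_per_host = defaultdict(set)
            hosts_per_port = defaultdict(set)
            for f in recs[start:end + 1]:
                ports_per_host[f.dst].add(f.dport)
                hosts_per_port[f.dport].add(f.dst)
            for dst, ports in ports_per_host.items():
                if len(ports) >= port_threshold:
                    key = (src, "vertical", dst)
                    alerts[key] = max(alerts.get(key, 0), len(ports))
            for dport, hosts in hosts_per_port.items():
                if len(hosts) >= host_threshold:
                    key = (src, "horizontal", dport)
                    alerts[key] = max(alerts.get(key, 0), len(hosts))
    return alerts


if __name__ == "__main__":
    for (src, kind, target), count in sorted(detect_scans(parse_flows(SAMPLE_LOG)).items()):
        print(f"{src}: {kind} scan, target={target}, distinct={count}")
```

On the constructed log this raises two alerts, one vertical scan from 203.0.113.7 against 198.51.100.10 and one horizontal scan from 192.0.2.50 on port 445, while the ordinary client 198.51.100.200 stays below both thresholds. The output is a per-source summary rather than a per-probe event, which is the only form in which this traffic is realistically reviewable; on an Internet-facing sensor the thresholds will still need raising, and the result is better used to enrich later alerts from the same source than as a ticket on its own.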
Difficulty for the Adversary
Easy for the Adversary (Yes/No): Yes
Explanation: Many freely available tools and data sources exist for discovering a target's addresses, routing, version numbers, patch levels, and the protocols and services it is running.
References
- Rotem Kerner. (2015, October). RECONNAISSANCE: A Walkthrough of the “APT” Intelligence Gathering Process. Retrieved March 1, 2017.