What is the difference between scanning and footprinting?

tekin112000 Member Posts: 1
Scanning and footprinting: two terms that seem to have the same definition to me.

Does anyone have precise definitions of each?

How are they different?

Thanks

Comments

  • erpadmin Member Posts: 4,165
    Scanning and footprinting: two terms that seem to have the same definition to me.

    Does anyone have precise definitions of each?

    How are they different?

    Thanks

    Footprinting is basically determining what servers/devices are performing what functions. Scanning is one of the ways that you perform footprinting.

    For example, I do a port scan against an IP on your external network and I see this:

    20, blocked
    21, blocked
    ...
    80, not blocked
    ...
    443, not blocked
    ...

    Edit: (Assume that every port is blocked except for the ones that aren't blocked...the remaining 65533 ports...that's what the "..." is for)

    Just based on the ports, I know what this PC/Server functions as. I just "footprinted" a secure web server that is used by the organization. This is just one of several machines I might have found. But I'm basically trying to map the infrastructure from the outside so that I can find a hole to get through your firewall, and then try to footprint your internal network.


    So in short, footprinting is a way to map a network. Scanning is one of the ways you footprint.
  • Devilsbane Member Posts: 4,214
    erpadmin wrote: »
    I just "footprinted" a secure web server that is used by the organization. This is just one of several machines I might have found. But I'm basically trying to map the infrastructure from the outside so that I can find a hole to get through your firewall, and then try to footprint your internal network.

    Or maybe you just found a DC that some idiot set up IIS on and you can use the flaws in IIS to exploit the DC.
    Decide what to be and go be it.
  • erpadmin Member Posts: 4,165
    Devilsbane wrote: »
    Or maybe you just found a DC that some idiot set up IIS on and you can use the flaws in IIS to exploit the DC.

    If that were the case, that moron deserves to be fired.

    However, I didn't go into the next phase of my attack, so I couldn't tell you for sure. But I definitely wouldn't want to be that guy if you're right.....lmao.

    EDIT: Actually I'm thinking....if all the ports are blocked that aren't 80 and 443, this couldn't be a DC. 389, 53, etc. would need to be on as well for LDAP, DNS, etc.
  • Devilsbane Member Posts: 4,214
    erpadmin wrote: »
    EDIT: Actually I'm thinking....if all the ports are blocked that aren't 80 and 443, this couldn't be a DC. 389, 53, etc. would need to be on as well for LDAP, DNS, etc.

    Yes, but all you specified was blocked was 20 and 21. And even if this isn't a DC, the guy should probably still be fired for not using an IPS and thwarting your port scan.
    Decide what to be and go be it.
  • erpadmin Member Posts: 4,165
    Devilsbane wrote: »
    Yes, but all you specified was blocked was 20 and 21. And even if this isn't a DC, the guy should probably still be fired for not using an IPS and thwarting your port scan.


    Oh, I should have specified that the ... meant that I was scanning all 65535 ports....wasn't exactly going to type all of that. LOL.

    But yes, that guy would definitely still deserve to lose his job...because really, stupidity is no excuse.
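
Added example, not part of the thread: the last replies mention an IPS noticing a scan of all 65535 ports, and seen from the defender's side that scan is one source touching many distinct ports on one host in a short time. The Python below flags that pattern; the log format, addresses, window and threshold are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def build_sample_log():
    """Constructed firewall log lines: timestamp src dst dst_port action."""
    base = datetime(2024, 1, 1, 10, 0, 0)
    lines = []
    # One source probing 40 different ports, one probe per second.
    for i, port in enumerate(list(range(20, 58)) + [80, 443]):
        action = "ALLOW" if port in (80, 443) else "DENY"
        ts = (base + timedelta(seconds=i)).isoformat()
        lines.append(f"{ts} 198.51.100.7 203.0.113.10 {port} {action}")
    # An ordinary client making repeated HTTPS requests to the same host.
    for i in range(40):
        ts = (base + timedelta(seconds=i)).isoformat()
        lines.append(f"{ts} 192.0.2.44 203.0.113.10 443 ALLOW")
    return sorted(lines)  # ISO timestamps sort chronologically


def parse_line(line):
    ts, src, dst, port, action = line.split()
    return datetime.fromisoformat(ts), src, dst, int(port), action


def detect_port_scans(lines, window=timedelta(seconds=60), threshold=15):
    """Map (src, dst) to the most distinct ports seen inside one window,
    for every pair that reaches the threshold."""
    recent = defaultdict(deque)  # (src, dst) -> (timestamp, port) inside the window
    flagged = {}
    for line in lines:
        if not line.strip():
            continue
        ts, src, dst, port, _action = parse_line(line)
        q = recent[(src, dst)]
        q.append((ts, port))
        while ts - q[0][0] > window:  # drop probes older than the window
            q.popleft()
        distinct = len({p for _, p in q})
        if distinct >= threshold:
            key = (src, dst)
            flagged[key] = max(flagged.get(key, 0), distinct)
    return flagged


if __name__ == "__main__":
    for (src, dst), ports in detect_port_scans(build_sample_log()).items():
        print(f"possible port scan: {src} -> {dst}, {ports} distinct ports")
```

Counting distinct ports rather than connections is what keeps the busy HTTPS client from being flagged.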