What is the difference between scanning and footprinting?

tekin112000

Scanning and footprinting: two terms that seem to have the same definiton to me.

Does anyone have precise definitions of each?

How are they different?

Thanks

Find more posts tagged with

Comments

erpadmin

tekin112000 wrote: »

Scanning and footprinting: two terms that seem to have the same definiton to me.

Does anyone have precise definitions of each?

How are they different?

Thanks

Footprinting is basically determining what servers/devices are performing what functions. Scanning is one of the ways that you perform footprinting.

For example. I do a port scan against a IP on your external network and I see this

20, blocked
21, blocked
...
80, not blocked
...
443, not blocked
...

Edit: (Assume that every port is blocked except for the ones that aren't blocked...the remaining 65533 ports...that's what the "..." is for)

Just based on the ports, I know what this PC/Server functions as. I just "footprinted" a secure web server that is used by the organization. This is just one of several machines I might have found. But I'm basically trying to map the infrastructure from the outside so that I can find a hole to get through your firewall, and then try to footprint your internal network.

So in short, footprinting is a way to map a network. Scanning is one of the ways you footprint.

Devilsbane

erpadmin wrote: »

I just "footprinted" a secure web server that is used by the organization. This is just one of several machines I might have found. But I'm basically trying to map the infrastructure from the outside so that I can find a hole to get through your firewall, and then try to footprint your internal network.

Or maybe you just found a DC that some idiot set up IIS on and you can use the flaws in IIS to exploit the DC.

erpadmin

Devilsbane wrote: »

Or maybe you just found a DC that some idiot set up IIS on and you can use the flaws in IIS to exploit the DC.

If that were the case, that moron deserves to be fired.

However, I didn't go into the next phase of my attack, so I couldn't tell you for sure.

But I definitely wouldn't want to be that guy if you're right.....lmao.

EDIT: Actually I'm thinking....if all the ports are blocked that aren't 80 and 443, this couldn't be a DC. 389, 53, etc. would need to be on as well for LDAP, DNS, etc.

Devilsbane

erpadmin wrote: »

EDIT: Actually I'm thinking....if all the ports are blocked that aren't 80 and 443, this couldn't be a DC. 389, 53, etc. would need to be on as well for LDAP, DNS, etc.

Yes, but all you specified was blocked was 20 and 21. And even if this isn't a DC, the guy should probably still be fired for not using an IPS and thwarting your port scan.

erpadmin

Devilsbane wrote: »

Yes, but all you specified was blocked was 20 and 21. And even if this isn't a DC, the guy should probably still be fired for not using an IPS and thwarting your port scan.

Oh, I should have specified that the ... meant that I was scanning all 65535 ports....wasn't exactly going to type all of that. LOL.

But yes, that guy would definitely still deserve to lose his job...because really, stupidity is no excuse.