Stealth scanning strategies

The greatest risk involved in active reconnaissance is being discovered by the target. Using the tester's time and data stamps, the source IP address, and additional information, the target can identify the source of the incoming reconnaissance. Therefore, stealth techniques are employed to minimize the chances of being detected.

When employing stealth to support reconnaissance, a tester mimicking the actions of a hacker will do the following:

• Camouflage tool signatures to avoid detection or triggering an alarm
• Hide the attack within legitimate traffic
• Modify the attack to hide the source and type of traffic
• Make the attack invisible using nonstandard traffic types or encryption

Stealth scanning techniques can include some or all of the following:

• Adjusting the source IP stack and tool identification settings
• Modifying packet parameters (nmap)
• Using proxies with anonymity networks (ProxyChains and the Tor network)