search
githubEdit

🐹Stealth Scanning Strategies

When employing stealth to support reconnaissance, a tester mimicking the actions of a hacker will do the following:

  • Camouflage tool signatures to avoid detection and triggering an alarm

  • Hide the attack within legitimate traffic

  • Modify the attack to hide the source and type of traffic

  • Make the attack invisible using nonstandard traffic types or encryption

Stealth scanning techniques can include some or all of the following:

  • Adjusting source IP stack and tool identification settings

  • Modifying packet parameters (nmap)

  • Using proxies with anonymity networks (ProxyChains and Tor network)

hashtag
Adjust Source IP Stack and Tool Identification Settings

hashtag
Disable IPv6

nano /etc/sysctl.conf

# Include the Follwoing Line
# disable ipv6
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable = 1

hashtag
Change User Agent

hashtag
Metasploit

hashtag
Modify Packet Parameter

hashtag
Nmap Stealth Scan

hashtag
Using Proxy with Anonymity Networks (Tor and Privoxy)

hashtag
Proxychains4

circle-info

The Tor-Buddy script allows you to control how frequently the Tor IP address is refreshed, automatically making it more difficult to identify the user's information (http://sourceforge.net/projects/linuxscripts/ files/Tor-Buddy/).

PreviousActive ReconNextIdentify Network Infrastructure

Last updated