These events take place during an external vulnerability scan.
Event |
Description |
Host Discovery |
The service checks availability of target hosts. For each host, the service checks whether the host is connected to the Internet, whether it has been shut down and whether it forbids all Internet connections. The service pings each target host using ICMP, TCP, and UDP probes. The TCP and UDP probes are sent to default ports for common services on each host, such as DNS, TELNET, SMTP, HTTP and SNMP. If these probes trigger at least one response from the host, the host is considered "alive." If the host is not "alive" then the scan process will not proceed. |
Port Scanning |
The service finds all open TCP and UDP ports on target hosts. |
OS Detection |
The service attempts to identify the operating system installed on target hosts. This is accomplished through TCP/IP stack fingerprinting, OS fingerprinting on redirected ports, and is enhanced by additional information gathered during the scan process, such as NetBIOS information gathering. |
Service Discovery |
When a TCP or UDP port is reported as open, the scanning service uses several discovery methods to identify which service is running on the port, and confirms the type of service running to obtain the most accurate data. |
Vulnerability Assessment |
Each of the previous steps results in information gathered for each target host, such as the operating system and version installed, which TCP and UDP ports are open and which services are running on those ports. This information is used to begin vulnerability assessment. The scanning engine runs tests that are applicable to each target host based on the information gathered for the host. |