Sign In
- Platform
- Solutions
- Modern NDR
- Resources
- Company
Platform
Modern NDR
Resources
Platform
Modern NDR
Resources
DETECTION OVERVIEW
Risk Factors
While the complexity and impact are low here, this type of scan can be an indicator of an impending attack. Catching an attacker at the reconnaissance phase is critical to corporate security: there is a better chance to block an attacker before they gain significant knowledge about the domain and cause real damage to the company.
The system might change the risk score for this detection.
Kill Chain
Risk Score
37
This scan is performed after an initial compromise into the network has occurred. In the reconnaissance phase of an attack, the attacker gathers as much information as possible about the network. An attacker might search for active server names and try to decipher their primary functions as viable targets for further exploits. Most scanning tools, such as Nmap Security Scanner, perform reverse lookups on each host so that they can display the host names. Large scans can result in a high number of reverse lookup requests.
If the device running the scan is unfamiliar or the activity is unexpected, quarantine the device to prevent further network access
Segregate your network by departments or floors so that an attacker scanning the network can only get domain names of the current network they have infiltrated
Restrict or rate limit the number of requests the server will resolve for a given client
