Identifying the external network infrastructure

Once the tester's identity is protected, identifying the devices on the internet-accessible portion of the network is the next critical step in scanning a network.

Attackers and penetration testers use this information to do the following:

• Identify devices that may confuse (load balancers) or eliminate (firewalls and packet inspection devices) test results
• Identify devices with known vulnerabilities
• Identify the requirement for continuing to implement stealthy scans
• Gain an understanding of the target's focus on secure architecture and on security in general

traceroute provides basic information on packet filtering abilities; some other applications on Kali include the following:

The following screenshot shows the results obtained from running the lbd script against Facebook; as you can see, Google uses both DNS-Loadbalancing and HTTP-Loadbalancing on its site. From a penetration tester's perspective, this information could be used to explain why spurious results are obtained, as the load balancer shifts a particular tool's activity from one server to another: