What steps are performed in Symantec Risk Automation Suite discovery?

Article:TECH193370  |  Created: 2012-07-20  |  Updated: 2012-08-03  |  Article URL http://www.symantec.com/docs/TECH193370
Article Type
Technical Solution


Environment

Issue



This document briefly summarizes the steps that Symantec’s Risk Automation Suite performs during discovery.


Solution



Network Discovery

· TCP and UDP port scan
   o Send TCP SYN, look for TCP SYN/ACK
   o Send empty UDP, look for port unreachable
   o Send ICMP ping, look for echo reply

Host Discovery

· TCP and UDP port scan
   o Send TCP SYN, look for TCP SYN/ACK
   o Send empty UDP, look for port unreachable
   o Send ICMP ping, look for echo reply
· DNS lookup
   o Performs DNS lookup
· UDP application scan
   o NetBIOS name service – name query
   o SNMP get-request
· TCP application scan
   o SMB
   o Telnet
   o HTTP
   o HTTPS
   o SSH
   o FTP
   o SMTP

OS Discovery

· TCP and UDP port scan
· SMB
· UDP application scan
· NetBIOS nbsession
· Nmap, if it is installed on the system
· NTP
· mDNS
· SinFP
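
The port-scan step listed under Network Discovery and Host Discovery pairs each probe with the reply it looks for. The following is an added example, not Symantec code, showing how those replies translate into "host is alive" and "port state" findings. The record layout, the sample data, and the handling of TCP RST and of silence are assumptions based on standard TCP/IP behaviour, not taken from the article.

```python
"""Added example: interpret replies to the port-scan probes listed above."""
from collections import defaultdict

# (probe, reply) -> (host_alive, port_state). port_state None = no port info.
RULES = {
    ("tcp_syn", "syn_ack"): (True, "open"),                    # from the article
    ("udp_empty", "icmp_port_unreachable"): (True, "closed"),  # from the article
    ("icmp_echo", "echo_reply"): (True, None),                 # from the article
    ("tcp_syn", "rst"): (True, "closed"),      # assumption: standard TCP behaviour
}


def classify(observations):
    """Fold (host, probe, port, reply) records into per-host findings."""
    hosts = defaultdict(lambda: {"alive": False, "ports": {}})
    for host, probe, port, reply in observations:
        entry = hosts[host]
        alive, state = RULES.get((probe, reply), (False, None))
        entry["alive"] = entry["alive"] or alive
        if port is not None:
            proto = "udp" if probe.startswith("udp") else "tcp"
            # No reply is ambiguous (filtered, or a UDP service that ignores
            # empty datagrams), so it is recorded rather than guessed at.
            entry["ports"][(proto, port)] = state or "no-response"
    return dict(hosts)


# Constructed observations (TEST-NET-1 addresses); reply None = nothing came back.
SAMPLE = [
    ("192.0.2.10", "tcp_syn", 445, "syn_ack"),
    ("192.0.2.10", "udp_empty", 161, None),
    ("192.0.2.11", "tcp_syn", 22, None),
    ("192.0.2.11", "udp_empty", 137, "icmp_port_unreachable"),
    ("192.0.2.12", "tcp_syn", 80, None),
    ("192.0.2.12", "icmp_echo", None, None),
    ("192.0.2.13", "icmp_echo", None, "echo_reply"),
]

if __name__ == "__main__":
    for host, finding in sorted(classify(SAMPLE).items()):
        print(host, "alive" if finding["alive"] else "no evidence", finding["ports"])
```

In the sample, 192.0.2.11 exposes no open port yet is still counted as alive, because a port-unreachable reply to the empty UDP datagram is itself evidence that the host exists.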


