Process of attacking

The attack often is a multi-phased process, which can proceed for instance in the following way:

1. Footprinting, where the attacker chooses, according to his motive or at random, the system to be attacked or through which the attack will be performed.

2. Scanning, where the attacker investigates all possible information available on the target. The purpose of scanning is to chart e.g. the equipment and services in operation at the target or the target network. This information enables the attacker to direct the attack for instance to devices in function only.

3. Attacking, which often happens as soon as the attacker finds he has collected the necessary information on his target and the security flaws. After successful scanning, the attacker has various alternatives to gain his goal.

4. Operation during the attack, when the attacker can pursue his goal by exploiting several systems to hide his own network identity and to intensify his attack. The attacker may also tamper the username files of the system and add the rights of system administrator to himself or to the username used by him.

5. Exit from the target, when the attacker tries to cover his tracks by changing the names of the files installed by him or by transferring them to such parts in the directory structure where they cannot be easily detected. The attacker may also try to manipulate the log files and control programmes of the system in such a way that his attack could not be noticed.