Computer system security involves constantly evolving threats and ways of protecting against those threats. Malicious individuals, for example, often utilize clever schemes implemented over computer networks for causing people to provide security credentials, transfer money and take other actions adverse to their self-interests. As another example, modern computer systems are frequently subjected to a variety of attacks by malicious agents who attempt to exploit vulnerabilities in the computer system to alter and/or gain control of the computer system. Such attacks, if successful, can lead to significant disruption of computer system operations, possibly leading to system slowdowns and outages as the various services on a host (or server) computer system become corrupted and/or unavailable.
One method of initiating an attack on a host computer system is for an attacker to gain information about the services running on a host computer system and/or about the users of the computer system so that the subsequent attacks can be targeted to those services and/or those users. An attacker will attempt to determine which services are associated with a host by attempting multiple or exhaustive connections to the ports on the host, recording which ports respond and recording how they respond. The attacker may attempt to determine which users are associated with a host by attempting multiple user connections using, for example, common or predictable user names. The attacker may then focus subsequent attacks on the verified services and/or users associated with a host computer system and on locating new vulnerabilities in other services found during the initial probe. Enumerating the services on a host system thus allows an attacker to limit the scope of the attacks to potentially fruitful targets, thereby saving time, expense and effort in the attack and consequentially increasing the vulnerability of the computer system to other attacks.