WITH THE INFORMATION collected up to this point, an attacker has a better picture of what the environment targeted looks like. What the attacker doesn't know, however, is what the system is actually offering. To determine what a system is offering is the goal of a process of enumeration. Enumeration takes the information that has already been carefully gathered and attempts to extract information about the exact nature of the system itself.

Enumeration is the most aggressive of the information gathering processes seen up to this point. Up to this point, information has been gathered without interacting to a high degree with the target. In contrast, with enumeration, the target is being interacted ...