The very first place to start is scanning. Yes, scanning! It's not hard, and it's a fundamental technique that you must know, and know well, to be a hacker. Don't just open up your SuperScan, plug an IP range in a couple of times and think "ok, I am done"! Make it a point over the next 2 weeks to learn all there is about scanning. Make it a goal to become a master scanner.
Nmap is really the tool to focus on. The majority of hackers use it, and it gives you a good idea of what they can see. Learn all the switches and variations. Don't just use -sS or -sT; try all kinds of combinations and, more importantly, try to understand them (what each scan type actually sends, and what the target and its logs see). Try making decoys, etc. The goal is to get to the point where you would feel comfortable sitting at a table with a group of high-level hackers and could hold your own when discussing nmap.
The ideal place to scan is your own network or test lab. Yes, you can scan blindly over the internet, but there is a little risk involved. While scanning is not illegal (remember, hackers consider "illegal" nothing more than a sick bird. Ok, no more bad jokes), some ISPs look down on it and consider it a violation of your service agreement. If they catch you, they might suspend your internet connection. For instance, Cox Cable has a 3-strikes-and-you're-out policy. If they catch you the first time, they will suspend your connection until you explain what's going on. That just happened to someone I know. No, it's not me, lol! The 3rd time they catch you, you will be permanently cut off by them and must look for a new provider.

If you do get caught and suspended, you will need to give them some reason for the activity coming off your modem. They assume you have been trojaned and expect you to run your anti-virus and fix the problem. In the case of the person I know, that's exactly what he told them he had done. He played dumb and said he forgot to update his anti-virus. He then claimed to have updated it and scanned his computer and found all kinds of bad things (probably that was true, because the bad things were the stuff he placed on there himself, lol!), and now they were all gone and his box was clean. They quickly gave his access back, but that was strike 1 on his record. I am only telling that story in case someone reading this decides to go crazy scanning NORAD or something from their home network! If you do, remember you have been warned. Just use common sense (like scan from your neighbor's house. Just kidding!) and you will be fine.

On a side note, I have never had a problem scanning, even from home. The key is not to keep scanning the same target over and over, and especially not the servers of the ISP, jeeze! Also, don't try to telnet to anything, even just as an innocent banner grab. That will be seen as an unauthorized attempt to connect.
However, if you attempt that against a remote server that is not part of your ISP's network, more than likely you will be ok. Most ISPs don't give a dang if you are scanning boxes in, say, Nigeria!
I still say the best place to scan is your own lab. You get the benefit of seeing how your Snort logs respond to it, etc. Commit at least a half hour a day for the next 2 weeks and you will have a good understanding of nmap and a solid grasp on a crucial fundamental.
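As an added example that is not part of the original post: the difference between -sS and -sT that the post tells you to understand is exactly what shows up in your own lab logs. The Python below classifies TCP flows from a constructed, simplified packet log (a hypothetical "time src dst port flags" format, not real Snort or tcpdump output) as half-open (-sS style), full-connect (-sT style) or closed, and flags a source that touched several ports.

```python
from collections import defaultdict
# Constructed sample lab log in a hypothetical "time src dst port flags" format (not real Snort output).
SAMPLE_LOG = """\
1 10.0.0.5 10.0.0.9 22 S
2 10.0.0.9 10.0.0.5 22 SA
3 10.0.0.5 10.0.0.9 22 R
4 10.0.0.5 10.0.0.9 80 S
5 10.0.0.9 10.0.0.5 80 SA
6 10.0.0.5 10.0.0.9 80 R
7 10.0.0.5 10.0.0.9 25 S
8 10.0.0.9 10.0.0.5 25 RA
9 10.0.0.7 10.0.0.9 443 S
10 10.0.0.9 10.0.0.7 443 SA
11 10.0.0.7 10.0.0.9 443 A
12 10.0.0.7 10.0.0.9 443 R
"""
def build_flows(text):
    """Group packets by (initiator, target, port) into lists of (from_client, flags)."""
    flows = {}
    for line in text.splitlines():
        _, src, dst, port, flags = line.split()
        if (dst, src, port) in flows:        # reply from the target back to the initiator
            key, from_client = (dst, src, port), False
        elif flags == "S" or (src, dst, port) in flows:  # a bare SYN opens a new flow
            key, from_client = (src, dst, port), True
        else:
            continue                         # stray packet with no matching SYN
        flows.setdefault(key, []).append((from_client, flags))
    return flows

def classify(packets):
    """Label one flow: closed, connect (-sT style), half-open (-sS style) or incomplete."""
    client = [f for from_client, f in packets if from_client]
    server = [f for from_client, f in packets if not from_client]
    if "RA" in server:
        return "closed"      # target answered the SYN with RST/ACK
    if "A" in client:
        return "connect"     # client ACKed the SYN/ACK: full handshake, a socket was opened
    if "SA" in server and "R" in client:
        return "half-open"   # SYN/ACK answered with RST and never ACKed
    return "incomplete"

def summarize(text, sweep_threshold=3):
    """Per source: counts of each label, distinct ports touched, and a port-sweep flag."""
    report, ports = defaultdict(lambda: defaultdict(int)), defaultdict(set)
    for (client, _target, port), packets in build_flows(text).items():
        report[client][classify(packets)] += 1
        ports[client].add(port)
    return {src: dict(counts, ports=len(ports[src]), sweep=len(ports[src]) >= sweep_threshold)
            for src, counts in report.items()}
```

Run it against the sample and 10.0.0.5 shows two half-open probes plus one closed port across three ports (flagged as a sweep), while 10.0.0.7 shows a single completed connection, which is the trace a connect scan leaves in the target's application logs and a SYN scan does not.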