Scanning & Enumeration
Lab 3
Once an attacker knows who to attack, and knows some of what is there (e.g. DNS servers, mail servers, etc.), the next step is to figure out the rest of the network and its vulnerabilities.

Network Scanning and Enumeration

The process of collecting information about computers (assets) available on a network by either
◦ listening to network traffic, or
◦ probing the network by sending traffic and observing what traffic is returned as a result.
◦ E.g. scan looking for IP addresses (ping)
◦ Once you figure out what is there, then you can attack it appropriately
 Scan for ports to see what services are available, and then apply appropriate exploits
 Scan for user names and passwords, unused accounts, etc.

Port and Vulnerability Scanning

Once you know a device is present, what are its vulnerabilities?
◦ Apply some programs to check all ports, looking for open ports
 Some services running on certain ports have known vulnerabilities
 http://www.faqs.org/faqs/computer-security/most-commonqs/section-21.html
 http://en.wikipedia.org/wiki/Portscanning
◦ Or you can apply some programs that specifically look for vulnerabilities (combo of network, port and vulnerability scan)

Scanning Programs

Tools used to identify what computers are active on a network, and which ports and services are available on each computer.
◦ Verify which IP addresses are active on a network
 ping sweep
◦ Determine what services are available from each system
 port scan
 Note: port scanning may be illegal in some states

Examples:
◦ nmap (http://nmap.org/)
◦ unicornscan (http://www.unicornscan.org/)
◦ superscan (http://www.snapfiles.com/get/superscan.html)
◦ nessus (http://www.nessus.org/nessus/)
◦ fping (http://fping.sourceforge.net/), hping (http://www.hping.org/)

Caveat: tools have their own footprints - but not always

“While Nmap attempts to produce accurate results, keep in mind that all of its insights are based on packets returned by the target machines (or firewalls in front of them). Such hosts may be untrustworthy and send responses intended to confuse or mislead Nmap. Much more common are non-RFC-compliant hosts that do not respond as they should to Nmap probes. FIN, NULL, and Xmas scans are particularly susceptible to this problem. Such issues are specific to certain scan types and so are discussed in the individual scan type entries.”

“Truly advanced Nmap users need not limit themselves to the canned scan types offered. The --scanflags option allows you to design your own scan by specifying arbitrary TCP flags. Let your creative juices flow, while evading intrusion detection systems whose vendors simply paged through the Nmap man page adding specific rules!”

Different kinds of scans explained

http://nmap.org/book/man-port-scanningtechniques.html

Internet Control Message Protocol (ICMP)

Allows servers to communicate with each other and report errors, to ensure that network paths are working properly.
◦ The PING utility is based on the use of ICMP echo requests and echo replies.
◦ PING is used to verify whether another network host is accessible.

UDP Scanning (UDP Protocol)

Sending UDP packets to a target host to determine what UDP ports are open.
◦ A sequence of packets is sent to a series of different UDP port numbers to test the availability of each port.
◦ If the UDP port is OPEN on the target host, no reply is sent.
◦ If the UDP port is NOT OPEN, an ICMP Destination Unreachable packet is sent in response to the probe.

TCP Scanning (TCP Protocol)

Based on various features of TCP.
 Some of the features used for scanning and enumeration include:
◦ Opening a TCP connection (3-way handshake)
◦ Closing a TCP connection
◦ TCP connection reset
◦ TCP null scan

TCP 3-way handshake

Used to establish a TCP connection.
 Packet sequence for 3-way handshake
◦ SYN segment - requests a connection (e.g., with a server)
◦ SYN-ACK - acknowledges the (client's) SYN information and provides the (server's) information for establishing the connection.
◦ ACK - acknowledges the (server's) information

This process can be used to determine which TCP ports are open on a server.

Closing a TCP Connection

Uses a modified 3-way handshake
◦ FIN - indicates that either host (e.g., Host B) has finished sending data and is ready to close the connection.
◦ ACK
 Host A acknowledges receipt of the FIN.
 Connection is "half-closed" at this point.
 Host B transmits no more data.
◦ FIN
 Host A indicates it is now ready to close the connection.
◦ ACK
 Host B acknowledges A's FIN.
 The connection is closed when Host A receives the final ACK from Host B.

TCP Connection Reset

◦ Allows an application to disconnect from a connection in abnormal circumstances.
◦ Either host initiates by sending a TCP segment with the RST bit set.
◦ Receiving host immediately aborts the connection and informs the application program that a reset has occurred.

Some Types of TCP Port Scans

SYN scan
◦ Send SYN packet
◦ If port closed, target responds with RST/ACK
◦ If port open, target responds with SYN/ACK
 Sender sends RST/ACK to close connection

Connect scan
◦ Similar to SYN scan – completes 3-way handshake
◦ Connection is established

NULL scan
◦ Send packet with all flags OFF
◦ If destination port open, no response sent
◦ If destination port closed, RST packet sent

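A small detector that applies these scan descriptions from the defender's side, added here as an example and not part of the slides: it labels each observed TCP segment by its flag combination (SYN only, NULL, or the Xmas combination from the Nmap quote) and reports sources whose bare SYNs fan out across many ports. The sample traffic, record layout and threshold are constructed assumptions.

```python
"""Classify TCP probe segments and flag likely port-scan sources (added example)."""
from collections import defaultdict

# TCP flag bits as laid out in the TCP header's flags byte.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

# Constructed sample traffic: (src, dst, dport, flags).
# 10.0.0.5 walks ten ports with bare SYNs (SYN scan), 10.0.0.9 sends
# all-flags-off probes (NULL scan), 10.0.0.2 is an ordinary HTTPS client.
SAMPLE = (
    [("10.0.0.5", "10.0.0.20", p, SYN)
     for p in (21, 22, 25, 80, 110, 143, 443, 445, 3306, 8080)]
    + [("10.0.0.9", "10.0.0.20", p, 0) for p in (22, 80, 443)]
    + [("10.0.0.2", "10.0.0.20", 443, SYN),
       ("10.0.0.2", "10.0.0.20", 443, ACK | PSH)]
)


def classify(flags):
    """Label one segment by its flag combination.

    No conforming TCP stack emits a segment with no flags set (the NULL
    scan probe) or with only FIN/PSH/URG (the Xmas probe), so either is
    suspicious on its own.  A bare SYN is just the first handshake step.
    """
    if flags == 0:
        return "null-probe"
    if flags == FIN | PSH | URG:
        return "xmas-probe"
    if flags == SYN:
        return "syn"
    return "other"


def find_scanners(segments, threshold=5):
    """Return {src: set(labels)} for sources that look like scanners.

    A source is reported if it sends any NULL/Xmas probe, or if its bare
    SYNs reach at least `threshold` distinct destination ports: a SYN scan
    sweeps many ports, while a client talks to one or two.
    """
    syn_ports = defaultdict(set)
    verdicts = defaultdict(set)
    for src, _dst, dport, flags in segments:
        label = classify(flags)
        if label in ("null-probe", "xmas-probe"):
            verdicts[src].add(label)
        elif label == "syn":
            syn_ports[src].add(dport)
    for src, ports in syn_ports.items():
        if len(ports) >= threshold:
            verdicts[src].add("syn-sweep")
    return dict(verdicts)
```

Running `find_scanners(SAMPLE)` reports 10.0.0.5 as a SYN sweep and 10.0.0.9 for NULL probes, while the ordinary client is left alone; on real data the threshold would be tuned per time window.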
Enumeration

The process of extracting information from a network:
◦ Resources or shares available on the network
 Determine OS using fingerprinting/scanning
◦ User names or groups assigned on the network
◦ The last time a user logged on as well as his/her password

http://en.wikipedia.org/wiki/Network_Scanner

Tools
◦ NBTscan (http://www.inetcat.net/software/nbtscan.html)
◦ NetScanTools Pro (http://www.netscantools.com/)
◦ Hyena (http://www.systemtools.com/hyena/?source=google3D)
◦ Finger (http://en.wikipedia.org/wiki/Finger_protocol)
◦ IKE-Scan (http://www.nta-monitor.com/tools/ike-scan/)

Vulnerability Scanners

Programs designed to search for and map systems to look for weaknesses in an application, computer or network.
http://en.wikipedia.org/wiki/Vulnerability_scanner
http://en.wikipedia.org/wiki/Web_Application_Security_Scanner

Tools
◦ nessus (http://www.nessus.org/nessus/)
◦ SAINT (http://www.eeye.com/html/Products/Retina/index.html)
◦ Microsoft Baseline Security Analyzer (http://technet.microsoft.com/en-us/security/cc184924.aspx)