Download Chapter 5

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
page
18
page
19
page
20
page
21
page
22
page
23
page
24
page
25
page
26
page
27
page
28
page
29
page
30
page
31
page
32
page
33
page
34
Document related concepts

Distributed firewall wikipedia , lookup

Network tap wikipedia , lookup

Cracking of wireless networks wikipedia , lookup

Transcript 
Hands-On Ethical Hacking
and Network Defense
Chapter 5
Port Scanning
Objectives
•
•
•
•
•
Describe port scanning
Describe different types of port scans
Describe various port-scanning tools
Explain what ping sweeps are used for
Explain how shell scripting is used to
automate security tasks
Hands-On Ethical Hacking and Network Defense
2
Introduction to Port
Scanning
• Port Scanning
• Finds out which services are offered by a host
• Identifies vulnerabilities
• Open services can be used on attacks
• Identify a vulnerable port
• Launch an exploit
• Scan all ports when testing
• Not just well-known ports
Hands-On Ethical Hacking and Network Defense
3
Hands-On Ethical Hacking and Network Defense
4
Introduction to Port
Scanning (continued)
• Port scanning programs report
•
•
•
•
Open ports
Closed ports
Filtered ports
Best-guess assessment of which OS is
running
Hands-On Ethical Hacking and Network Defense
5
Types of Port Scans
• SYN scan
• Stealthy scan
• Connect scan
• Completes the three-way handshake
• NULL scan
• Packet flags are turned off
• XMAS scan
• FIN, PSH and URG flags are set
Hands-On Ethical Hacking and Network Defense
6
Types of Port Scans
(continued)
• ACK scan
• Used to past a firewall
• FIN scan
• Closed port responds with an RST packet
• UDP scan
• Closed port responds with ICMP “Port
Unreachable” message
Hands-On Ethical Hacking and Network Defense
7
Using Port-Scanning Tools
•
•
•
•
Nmap
Unicornscan
NetScanTools Pro 2004
Nessus
Hands-On Ethical Hacking and Network Defense
8
Nmap
• Originally written for Phrack magazine
• One of the most popular tools
• GUI version
• Xnmap
• Open source tool
• Standard tool for security professionals
Hands-On Ethical Hacking and Network Defense
9
Hands-On Ethical Hacking and Network Defense
10
Unicornscan
• Developed in 2004
• Ideal for large networks
• Scans 65,535 ports in three to seven
seconds
• Handles port scanning using
• TCP
• ICMP
• IP
• Optimizes UDP scanning
Hands-On Ethical Hacking and Network Defense
11
NetScanTools Pro 2004
• Robust easy-to-use commercial tool
• Supported OSs
• *NIX
• Windows
• Types of tests
•
•
•
•
Database vulnerabilities
E-mail account vulnerabilities
DHCP server discovery
IP packets and name servers
Hands-On Ethical Hacking and Network Defense
12
Hands-On Ethical Hacking and Network Defense
13
Hands-On Ethical Hacking and Network Defense
14
Nessus
•
•
•
•
•
First released in 1998
Open source tool
Uses a client/server technology
Conducts testing from different locations
Can use different OSs for client and
network
Hands-On Ethical Hacking and Network Defense
15
Nessus (continued)
• Server
• Any *NIX platform
• Client
• Can be UNIX or Windows
• Functions much like a database server
• Ability to update security checks plug-ins
• Scripts
• Some plug-ins are considered dangerous
Hands-On Ethical Hacking and Network Defense
16
Hands-On Ethical Hacking and Network Defense
17
Nessus (continued)
• Finds services running on ports
• Finds vulnerabilities associated with
identified services
Hands-On Ethical Hacking and Network Defense
18
Hands-On Ethical Hacking and Network Defense
19
Conducting Ping Sweeps
• Ping sweeps
• Identify which IP addresses belong to active
hosts
• Ping a range of IP addresses
• Problems
• Computers that are shut down cannot
respond
• Networks may be configured to block ICMP
Echo Requests
• Firewalls may filter out ICMP traffic
Hands-On Ethical Hacking and Network Defense
20
FPing
•
•
•
•
Ping multiple IP addresses simultaneously
www.fping.com/download
Command-line tool
Input: multiple IP addresses
• Entered at a shell
• -g option
• Input file with addresses
• -f option
Hands-On Ethical Hacking and Network Defense
21
Hands-On Ethical Hacking and Network Defense
22
Hands-On Ethical Hacking and Network Defense
23
Hping
• Used to bypass filtering devices
• Allows users to fragment and manipulate IP packets
• www.hping.org/download
• Powerful tool
• All security testers must be familiar with tool
• Supports many parameters (command options)
Hands-On Ethical Hacking and Network Defense
24
Hands-On Ethical Hacking and Network Defense
25
Hands-On Ethical Hacking and Network Defense
26
Hands-On Ethical Hacking and Network Defense
27
Crafting IP Packets
• Packet components
• Source IP address
• Destination IP address
• Flags
• Crafting packets helps you obtain more
information about a service
• Tools
• Fping
• Hping
Hands-On Ethical Hacking and Network Defense
28
Understanding Shell Scripting
• Modify tools to better suit your needs
• Script
• Computer program that automates tasks
• Time-saving solution
Hands-On Ethical Hacking and Network Defense
29
Scripting Basics
• Similar to DOS batch programming
• Script or batch file
• Text file
• Contains multiple commands
• Repetitive commands are good candidate
for scripting
• Practice is the key
Hands-On Ethical Hacking and Network Defense
30
Hands-On Ethical Hacking and Network Defense
31
Hands-On Ethical Hacking and Network Defense
32
Summary
• Port scanning
• Also referred as service scanning
• Process of scanning a range of IP address
• Determines what services are running
• Port scan types
•
•
•
•
•
SYN
ACK
FIN
UDP
Others: Connect, NULL, XMAS
Hands-On Ethical Hacking and Network Defense
33
Summary (continued)
• Port scanning tools
• Nmap
• Nessus
• Unicornscan
• Ping sweeps
• Determine which computers are “alive”
• Shell scripting
• Helps with automating tasks
Hands-On Ethical Hacking and Network Defense
34
Related documents
Growth Hacking - Roy Povarchik
Growth Hacking - Roy Povarchik
What can “Economics of Information Security” offer for SMEs
What can “Economics of Information Security” offer for SMEs
computer science technology
computer science technology
Challenges of Strategic Communication
Challenges of Strategic Communication
9781435486096_PPT_ch05
9781435486096_PPT_ch05
Trade: Free or Coerced?
Trade: Free or Coerced?
FOUR TOUGH ETHICAL DILEMMAS  RIGHT vs RIGHT DECISIONS  By RUSHWORTH KIDDER  HOW GOOD PEOPLE MAKE TOUGH CHOICES 
FOUR TOUGH ETHICAL DILEMMAS  RIGHT vs RIGHT DECISIONS  By RUSHWORTH KIDDER  HOW GOOD PEOPLE MAKE TOUGH CHOICES 
What Makes a Leader? - Bishop Kearney SharePoint
What Makes a Leader? - Bishop Kearney SharePoint
Ethics
Ethics
P2 Explain how current trends will impact on a start up business
P2 Explain how current trends will impact on a start up business
Chapter Twelve International Business and Globalization
Chapter Twelve International Business and Globalization
Hands-On Ethical Hacking and Network Security
Hands-On Ethical Hacking and Network Security