Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Script Kiddies Network Security Port Scans.

Published byPatience Taylor Modified over 7 years ago

Similar presentations

Presentation on theme: "Security Script Kiddies Network Security Port Scans."— Presentation transcript:

1 Security Script Kiddies Network Security Port Scans

2 Security Network Security Port Scans Port scans are like a “brute force style of bulk mail” (Fyodor, The Art of Port Scanning). Send an “advertisement” in hopes of receiving a response. A response indicates you have a live connection. TCP port scans utilize the TCP protocol to send SYN packets to a port. If the scanner receives a SYN/ACK from the port, the port is live. The scanner sends a RST to shut down the port. Log the “live ones” for use later.

3 Security Network Security Port Scans First, you gotta find suckers Either loop through the address space 129.186.0.1 129.186.0.2..... Or run a network monitoring tool like iptraf or etherape or tcpdump or... Then you have to see what entrances they've left open...

4 Security Network Security Port Scans Many port scanners are available for use The most popular is nmap and comes free with Red Hat (http://www.insecure.org/nmap/) Exercise: Use nmap to find the open ports on your system: # /usr/bin/nmap -v -sS -O localhost

5 Security Network Security Port Scans

6 Security Network Security DOS Any incident which prevents your computer from executing its tasks is a Denial Of Service A DOS is typically a network attack against one or more ports, rendering attempts to connect useless.

7 Security Network Security DOS Exercise: SYN Flood Open a second terminal (window 2) In window 2: # /bin/netstat -t -c In window 1: # cd /opt/exercises/Security #./dos localhost 22

8 Security Network Security DOS Exercise: SYN Flood Open a second terminal (window 2) In window 2: Kill netstat with CTRL-C then try logging in # /usr/bin/ssh localhost

9 Security DOS (Denial Of Service) Other DOSes include defacing websites, spam, viruses and worms The first worm did not attack a Microsoft or an Apple OS. It attacked UNIX computers world-wide More dangerous are Distributed DOSes (DDOSes). One machine instructs several machines to attack one or more sites. First appeared in 2000 against Yahoo and CNN amongst others

10 Security Network Security DOS

11 Security Exploits and rootkits A DOS is manageable. What do you do when your system is compromised? Rebuild and learn more about security? Some programs are poorly written and are subject to exploits Most common exploit: buffer overrun

12 Security Exploits and rootkits Buffer overrun allows someone to cause a harmless program to start a shell by manipulating the memory Functions, when executed, have their instructions placed on the stack A piece of a stack looks like this: buffer sfp return [BBBBBBBBBB][xxxx][xxxx]

13 Security Exploits and rootkits buffer sfp return [BBBBBBBBBB][xxxx][xxxx] return is the important item here – it contains the return address. The return address points to the next code to be executed

14 Security Exploits and rootkits The goal of a buffer overrun is to replace the contents of the buffer with instructions to be executed and to replace the contents of the return address with the address in the buffer where our exploit code is. So, we just take advantage of poor code that permits an overwrite of the buffer. Poor code copies more data into the buffer than is needed. Our special return code is part of that extra data strcpy vs strncpy

15 Security Exploits and rootkits If our exploit code contains the following: char *name[2]; name[0] = "/bin/sh"; name[1] = 0x0; execve(name[0], name, 0x0); exit(0); we've spawned a shell. If the program is a daemon running as root, the user now has a shell AS ROOT!

16 Security Exploits and rootkits Once a shell has started, the user can do anything they want. First thing to do – hide your tracks with a rootkit rootkits replace programs such as ps and ls with modified binaries. A sysadmin would normally use these to look for files and processes that shouldn't be there. The modified versions mask these files and processes

17 Security Exploits and rootkits Exercise: lrk5 # cd /opt/exercises/Security/lrk5 # more README

18 Security Sniffing One oldie-but-goody method is to hijack someone's password On insecure network segments, just record or sniff the traffic on the segment Save the data to a file and mine it for passwords Two good packages for sniffing network traffic: tcpdumpethereal (wireshark)

19 Security Sniffing With switched segments, this is becoming much harder to do The switch monitors connections and makes sure that two connected sockets only talk to each other But this can be compromised by man- in-the-middle attacks, where one machine impersonates another and intercepts and returns its packets

20 Security Sniffing Exercise: Telnet, ssh and Wireshark Make your telnet service insecure: # nano /etc/xinetd.d/telnet (Change disable=yes to disable=no) # service xinetd restart

21 Security Sniffing Exercise: Telnet and Wireshark Capture network packets: # /usr/bin/wireshark & Choose Capture->Options from menu Choose interface l0 Click on Start button

22 Security Sniffing Exercise: Telnet, ssh and Wireshark Capture network packets: # telnet localhost Login as root # ls / # CTRL-D # ssh root@localhostroot@localhost Enter root password # ls / # CTRL-D Choose Capture -> STOP in menu

23 Security Network Security Sniffing Exercise: Telnet and Wireshark Analyze the packets: Click on Protocol column heading to sort Click on a line that has TELNET as its protocol Click on Analyze->Follow TCP Stream VOILA!

24 Security Network Security Sniffing Exercise: ssh and Wireshark Analyze the packets: Click on Clear to clear the packet filtering Click on a line that has ssh as its protocol Click on Analyze->Follow TCP Stream Notice the difference?

25 Security Network Security Sniffing Exercise: Telnet and Wireshark Make your service secure again: # nano /etc/xinetd.d/telnet (Change disable=no to disable=yes) # service xinetd restart

Download ppt "Security Script Kiddies Network Security Port Scans."

Similar presentations

Password Cracking, Network Sniffing, Man-in-the-Middle attacks, and Virtual Private Networks Lab 2 – Class Discussion Group 3 Ruhull Alam Bhuiyan Keon.

Password Cracking, Network Sniffing, Man-in-the-Middle attacks, and Virtual Private Networks Lab 2 – Class Discussion Group 3 Ruhull Alam Bhuiyan Keon.
Denial of Service & Session Hijacking.  Rendering a system unusable to those who deserve it  Consume bandwidth or disk space  Overwhelming amount of.

Denial of Service & Session Hijacking.  Rendering a system unusable to those who deserve it  Consume bandwidth or disk space  Overwhelming amount of.
CIS 193A – Lesson13 Attack and Defense. CIS 193A – Lesson13 Focus Question Describe how Nmap, psad, and iptables work together for playing out attack.

CIS 193A – Lesson13 Attack and Defense. CIS 193A – Lesson13 Focus Question Describe how Nmap, psad, and iptables work together for playing out attack.
Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning Last updated 9-18-08.

Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning Last updated
Using tcpdump. tcpdump is a powerful tool that allows us to sniff network packets and make some statistical analysis out of those dumps. tcpdump operates.

Using tcpdump. tcpdump is a powerful tool that allows us to sniff network packets and make some statistical analysis out of those dumps. tcpdump operates.
Sniffing, Spoofing, Hijacking This presentation is an amalgam of presentations by Mark Michael, Randy Marchany and Ed Skoudis. I have edited and added.

Sniffing, Spoofing, Hijacking This presentation is an amalgam of presentations by Mark Michael, Randy Marchany and Ed Skoudis. I have edited and added.
Telnet and FTP. Telnet Lets you use the resources of some other computer on the Internet to access files, run programs, etc. Creates interactive connection.

Telnet and FTP. Telnet Lets you use the resources of some other computer on the Internet to access files, run programs, etc. Creates interactive connection.
System Security Scanning and Discovery Chapter 14.

System Security Scanning and Discovery Chapter 14.
Hacking Linux Based on Hacking Linux Exposed Hatch, Lee, and Kurtz ISBN 0-07-212773-2.

Hacking Linux Based on Hacking Linux Exposed Hatch, Lee, and Kurtz ISBN
Hacking Presented By :KUMAR ANAND SINGH 04-243,ETC/2008.

Hacking Presented By :KUMAR ANAND SINGH ,ETC/2008.
Network Attacks Mark Shtern.

Network Attacks Mark Shtern.
Stack-Based Buffer Overflows Attacker – Can take over a system remotely across a network. local malicious users – To elevate their privileges and gain.

Stack-Based Buffer Overflows Attacker – Can take over a system remotely across a network. local malicious users – To elevate their privileges and gain.
1 Protection Protection = access control Goals of protection Protecting general objects Example: file protection in Linux.

1 Protection Protection = access control Goals of protection Protecting general objects Example: file protection in Linux.
Securing Network using Linux. Lesson Outline Setting up a secure system TCP Wrapper configuration Firewalls in Linux Authentication Systems –NIS –Kerberos.

Securing Network using Linux. Lesson Outline Setting up a secure system TCP Wrapper configuration Firewalls in Linux Authentication Systems –NIS –Kerberos.
Exam ● On May 15, at 10:30am in this room ● Two hour exam ● Open Notes ● Will mostly cover material since Exam 2 ● No, You may not take it early.

Exam ● On May 15, at 10:30am in this room ● Two hour exam ● Open Notes ● Will mostly cover material since Exam 2 ● No, You may not take it early.
The Internet. Telnet Telnet means using your computer as a terminal. All commands you type are sent to the host computer you are connected to and executed.

The Internet. Telnet Telnet means using your computer as a terminal. All commands you type are sent to the host computer you are connected to and executed.
Port Scanning Yiqian Zhang CS 265 Project. What is Port Scanning? port scanning is equivalent to knocking on the walls to find all the doors and windows.

Port Scanning Yiqian Zhang CS 265 Project. What is Port Scanning? port scanning is equivalent to knocking on the walls to find all the doors and windows.
Information Networking Security and Assurance Lab National Chung Cheng University 1 A Real World Attack: wu-ftp.

Information Networking Security and Assurance Lab National Chung Cheng University 1 A Real World Attack: wu-ftp.
Viruses and Spyware. What is a Virus? A virus can be defined as a computer program that can reproduce by changing other programs to include a copy of.

Viruses and Spyware. What is a Virus? A virus can be defined as a computer program that can reproduce by changing other programs to include a copy of.
Computer Security and Penetration Testing

Computer Security and Penetration Testing

Similar presentations

Ads by Google