Presentation is loading. Please wait.

Presentation is loading. Please wait.

Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning.

Similar presentations


Presentation on theme: "Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning."— Presentation transcript:

1 Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning

2 Hands-On Ethical Hacking and Network Defense2 Objectives Describe port scanning Describe different types of port scans Describe various port-scanning tools Explain what ping sweeps are used for Explain how shell scripting is used to automate security tasks

3 Hands-On Ethical Hacking and Network Defense3 Introduction to Port Scanning Port Scanning Finds out which services are offered by a host Identifies vulnerabilities Open services can be used on attacks Identify a vulnerable port Launch an exploit Scan all ports when testing Not just well-known ports

4 Hands-On Ethical Hacking and Network Defense4

5 5 Introduction to Port Scanning (continued) Port scanning programs report Open ports Closed ports Filtered ports Best-guess assessment of which OS is running

6 Hands-On Ethical Hacking and Network Defense6 Types of Port Scans SYN scan Stealthy scan Connect scan Completes the three-way handshake NULL scan Packet flags are turned off XMAS scan FIN, PSH and URG flags are set

7 Hands-On Ethical Hacking and Network Defense7 Types of Port Scans (continued) ACK scan Used to past a firewall FIN scan Closed port responds with an RST packet UDP scan Closed port responds with ICMP “Port Unreachable” message

8 Hands-On Ethical Hacking and Network Defense8 Using Port-Scanning Tools Nmap Unicornscan NetScanTools Pro 2004 Nessus

9 Hands-On Ethical Hacking and Network Defense9 Nmap Originally written for Phrack magazine One of the most popular tools GUI version Xnmap Open source tool Standard tool for security professionals

10 Hands-On Ethical Hacking and Network Defense10

11 Hands-On Ethical Hacking and Network Defense11 Unicornscan Developed in 2004 Ideal for large networks Scans 65,535 ports in three to seven seconds Handles port scanning using TCP ICMP IP Optimizes UDP scanning

12 Hands-On Ethical Hacking and Network Defense12 NetScanTools Pro 2004 Robust easy-to-use commercial tool Supported OSs *NIX Windows Types of tests Database vulnerabilities account vulnerabilities DHCP server discovery IP packets and name servers OS fingerprinting

13 Hands-On Ethical Hacking and Network Defense13

14 Hands-On Ethical Hacking and Network Defense14

15 Hands-On Ethical Hacking and Network Defense15 Nessus First released in 1998 Open source tool Uses a client/server technology Conducts testing from different locations Can use different OSs for client and network

16 Hands-On Ethical Hacking and Network Defense16 Nessus (continued) Server Any *NIX platform Client Can be UNIX or Windows Functions much like a database server Ability to update security checks plug-ins Scripts Some plug-ins are considered dangerous

17 Hands-On Ethical Hacking and Network Defense17

18 Hands-On Ethical Hacking and Network Defense18 Nessus (continued) Finds services running on ports Finds vulnerabilities associated with identified services

19 Hands-On Ethical Hacking and Network Defense19

20 Hands-On Ethical Hacking and Network Defense20 Conducting Ping Sweeps Ping sweeps Identify which IP addresses belong to active hosts Ping a range of IP addresses Problems Computers that are shut down cannot respond Networks may be configured to block ICMP Echo Requests Firewalls may filter out ICMP traffic

21 Hands-On Ethical Hacking and Network Defense21 FPing Ping multiple IP addresses simultaneously Command-line tool Input: multiple IP addresses Entered at a shell -g option Input file with addresses -f option

22 Hands-On Ethical Hacking and Network Defense22

23 Hands-On Ethical Hacking and Network Defense23

24 Hands-On Ethical Hacking and Network Defense24 Hping Used to bypass filtering devices Allows users to fragment and manipulate IP packets Powerful tool All security testers must be familiar with tool Supports many parameters (command options)

25 Hands-On Ethical Hacking and Network Defense25

26 Hands-On Ethical Hacking and Network Defense26

27 Hands-On Ethical Hacking and Network Defense27

28 Hands-On Ethical Hacking and Network Defense28 Crafting IP Packets Packet components Source IP address Destination IP address Flags Crafting packets helps you obtain more information about a service Tools Fping Hping

29 Hands-On Ethical Hacking and Network Defense29 Understanding Shell Scripting Modify tools to better suit your needs Script Computer program that automates tasks Time-saving solution

30 Hands-On Ethical Hacking and Network Defense30 Scripting Basics Similar to DOS batch programming Script or batch file Text file Contains multiple commands Repetitive commands are good candidate for scripting Practice is the key

31 Hands-On Ethical Hacking and Network Defense31

32 Hands-On Ethical Hacking and Network Defense32

33 Hands-On Ethical Hacking and Network Defense33 Summary Port scanning Also referred as service scanning Process of scanning a range of IP address Determines what services are running Port scan types SYN ACK FIN UDP Others: Connect, NULL, XMAS

34 Hands-On Ethical Hacking and Network Defense34 Summary (continued) Port scanning tools Nmap Nessus Unicornscan Ping sweeps Determine which computers are “alive” Shell scripting Helps with automating tasks


Download ppt "Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning."

Similar presentations


Ads by Google