Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Anti-Hacker Tool Kit Port Scanners Chapter 6. 2 Introduction The first step in the process of hacking –Discover the services –Version label –Operation.

Published by Modified over 8 years ago

Similar presentations

Presentation on theme: "1 Anti-Hacker Tool Kit Port Scanners Chapter 6. 2 Introduction The first step in the process of hacking –Discover the services –Version label –Operation."— Presentation transcript:

1 1 Anti-Hacker Tool Kit Port Scanners Chapter 6

2 2 Introduction The first step in the process of hacking –Discover the services –Version label –Operation System Send few packets to the host

3 3 Pre Study TCP Packet Header

4 4 TCP conversation ClientServer SYN SYN/ACK ACK Connection Established ClientServer FIN ACK/FIN ACK ConnectionClosed Connect Disconnect Three-way handshake

5 5 TCP Flag Definitions Flag SYNThe beginning of a connection ACKAcknowledge receipt of a previous packet or transmission FINClose a TCP connection RSTAbort a TCP connection

6 6 Scanning for Hosts Is the host alive ? Method –Ping nmap –sP 192.168.0.1 –TCP Ping nmap –sT 192.168.0.1

7 7 Scanning for TCP Ports TCP connect –nmap –sT 192.168.0.1 RCP service –nmap –sR 192.168.0.1

8 8 SYN Scan Nmap Host SYN SYN/ACK Connect RST Nmap sends to Host Port Nmap receives from Host Port Nmap Assumes SYNSYN/ACKPort is open Host is up SYNRSTPort is closed Host is up SYNNothingPort is blocked by firewall Or Host is down Nmap –sS

9 9 ACK Scan NmapHost Connect ACK RST ICMP unreachable Nmap sends to Host Port Nmap receives from Host Port Nmap Assumes ACKRSTPort is not firewall-protect Port may be open or closed Host is up ACKNothing or ICMP unreachable Port is blocked by firewall if host is up No firewall~ Protected by firewall~ Nmap –sA

10 10 FIN Scan Nmap Host Connect FIN RST Nmap sends to Host Port Nmap receives from Host Port Nmap Assumes FINRSTPort is closed Host is up FINNothingPort is open if host is up and not firewall-protected Nmap –sF

11 11 Xmas Scan Non-normal TCP operation Set the flags FIN,URG,PUSH With –sX Nmap –sX

12 12 Null scan Turn off all flags With -sN Nmap –sN

13 13 Scanning for UDP Ports Nmap Host Connect Empty UDP Packet ICMP unreachable Nmap sends to Host Port Nmap receives from Host Port Nmap Assumes Empty UDP packet NothingPort assumed open if host responds to Ping. Port may be closed if firewall blocking ICMP Empty UDP packet ICMP unreachable Port is closed Nmap –sU

14 14 Scanning for Protocol IP Header Nmap –sO

15 15 Decoys Fragmentation Hiding Your Scan (-D) (-r)(-f) Nmap –sS –f With –sS –sF –sN -sX FTP Bounce Nmap –b anonymous@ –p Nmap –D Disable Randomizing Ports Nmap –r

16 16 Timing Your Scan Time-based algorithm Using -T option Nmap –T nameProbe Response Timeout Time Spent on One Host Time between Probes Use Parallelize d Probes Paranoid5 minUnlimited5 minNo Sneaky15 secUnlimited12 secNo Polite6 secUnlimited0.4 secNo Normal6 secUnlimitedNoneNo Aggressive1 sec5 minNoneYes Insane0.3 sec75 secNoneYes

17 17 TCP Reverse Ident Scanning Who runs the process (-I) Nmap –I

18 18 OS Fingerprinting With –O flag Sending specially TCP and UDP headers Analyze the result and compare information OS information

19 19 OS Detection on Linux Nmap –O 192.168.0.1

20 20 Mapping Networks Scanning a Class C subnet

21 21 Mapping Networks Port scans in IP section

22 22 Scanning Tools on windows Netscantools Superscan IPEYE WUPS

23 23 Netscantools Powerful tools Port scanner+finger+whois+traceRoute...etc

24 24 Super Scan

25 25 IPEYE TCP stealth scan SYN, FIN, Xmas tree, and null scan

26 26 WUPS Scanning UPD ports for Windows

27 27 Banner Identification Get the information normally –Hostname –Program –Version

28 28 Using your “Telnet” Try this FTP ServiceTelnet Service World Wide Web Service

29 29 Message log Generate TCP connect() method Normal timing option System Log

30 30 Summary Protect your host Dishonesty Footprints in the sand show where one has been.

31 31 Reference Nmap www.insecure.org/nmap/www.insecure.org/nmap/ Tcmpdump www.tcpdump.org/www.tcpdump.org/ Superscan www.foundstone.com/resources/proddesc/super scan.htm www.foundstone.com/resources/proddesc/super scan.htm Netscanools www.netscantools.comwww.netscantools.com RFC 1700 RFC 793

32 32 What is RPC Service ? Remote Procedure Call 程序呼叫 – 一個程式裡一部份呼叫另一部份去做某項工作

33 33 UDP_SCAN

34 34 UDP_SCAN

Download ppt "1 Anti-Hacker Tool Kit Port Scanners Chapter 6. 2 Introduction The first step in the process of hacking –Discover the services –Version label –Operation."

Similar presentations

Overview The TCP/IP Stack. The Link Layer (L2). The Network Layer (L3). The Transport Layer (L4). Port scanning & OS/App detection techniques. Evasion.

Overview The TCP/IP Stack. The Link Layer (L2). The Network Layer (L3). The Transport Layer (L4). Port scanning & OS/App detection techniques. Evasion.
 Dynamic policies o Change as system security state/load changes o GAA architecture  Extended access control lists  Pre-, mid- and post-conditions,

 Dynamic policies o Change as system security state/load changes o GAA architecture  Extended access control lists  Pre-, mid- and post-conditions,
Review For Exam 2 March 9, 2010 MIS 4600 – MBA 5880 - © Abdou Illia.

Review For Exam 2 March 9, 2010 MIS 4600 – MBA © Abdou Illia.
Computer Security Fundamentals

Computer Security Fundamentals
Nmap Experiment.

Nmap Experiment.
CIS 193A – Lesson13 Attack and Defense. CIS 193A – Lesson13 Focus Question Describe how Nmap, psad, and iptables work together for playing out attack.

CIS 193A – Lesson13 Attack and Defense. CIS 193A – Lesson13 Focus Question Describe how Nmap, psad, and iptables work together for playing out attack.
NMAP Scanning Options. EC-Council NMAP  Nmap is the most popular scanning tool used on the Internet.  Cretead by Fyodar (http://www.insecure.org), it.

NMAP Scanning Options. EC-Council NMAP  Nmap is the most popular scanning tool used on the Internet.  Cretead by Fyodar ( it.
Hands-On Ethical Hacking and Network Defense Second Edition Chapter 5 Port Scanning.

Hands-On Ethical Hacking and Network Defense Second Edition Chapter 5 Port Scanning.
Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning.

Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning.
Scanning CS391. Overview  The TCP protocol: quick overview  Scanning  Fingerprinting  OS Detection.

Scanning CS391. Overview  The TCP protocol: quick overview  Scanning  Fingerprinting  OS Detection.
IP Network Scanning.

IP Network Scanning.
CIT 380: Securing Computer SystemsSlide #1 CIT 380: Securing Computer Systems Scanning.

CIT 380: Securing Computer SystemsSlide #1 CIT 380: Securing Computer Systems Scanning.
Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning Last updated 9-18-08.

Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning Last updated
Scanning Determining if the system is alive IP Scanning Port Scanning War Dialing.

Scanning Determining if the system is alive IP Scanning Port Scanning War Dialing.
Hacking Exposed 7 Network Security Secrets & Solutions Chapter 2 Scanning 1.

Hacking Exposed 7 Network Security Secrets & Solutions Chapter 2 Scanning 1.
Port Scanning CT1406 lab#5.

Port Scanning CT1406 lab#5.
Scanning slides (c) 2012 by Richard Newman based on Hacking Exposed 7 by McClure, Scambray, and Kurtz.

Scanning slides (c) 2012 by Richard Newman based on Hacking Exposed 7 by McClure, Scambray, and Kurtz.
Intruder Trends Tom Longstaff CERT Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213-3890 Sponsored by.

Intruder Trends Tom Longstaff CERT Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA Sponsored by.
Scanning February 23, 2010 MIS 4600 – MBA 5880 - © Abdou Illia.

Scanning February 23, 2010 MIS 4600 – MBA © Abdou Illia.
TCP/IP Network and Firewall. IP Packet Protocol  1 ICMP packet  6 TCP packet  17 UDP packet.

TCP/IP Network and Firewall. IP Packet Protocol  1 ICMP packet  6 TCP packet  17 UDP packet.

Similar presentations

Ads by Google