Hands-On Ethical Hacking and Network Defense Second Edition Chapter 5 Port Scanning.

Objectives
After reading this chapter and completing the exercises, you will be able to:
  – Describe port scanning and types of port scans
  – Describe port-scanning tools
  – Explain what ping sweeps are used for
  – Explain how shell scripting is used to automate security tasks
Hands-On Ethical Hacking and Network Defense, Second Edition (slide 2)

Introduction to Port Scanning
– Port scanning
  – Finds which services are offered by a host
  – Identifies vulnerabilities
– Open services can be used in attacks
  – Identify a vulnerable port and launch an exploit
– Scan all ports when testing
  – Not just the well-known ports

Figure 5-1 The AW Security Port Scanner interface

Introduction to Port Scanning (cont’d.)
– Port scanning programs report:
  – Open ports
  – Closed ports
  – Filtered ports
  – Best-guess running OS

Types of Port Scans
– SYN scan
  – Stealthy scan
– Connect scan
  – Completes the three-way handshake
– NULL scan
  – All packet flags are turned off
– XMAS scan
  – FIN, PSH and URG flags are set

Types of Port Scans (cont’d.)
– ACK scan
  – Used to get past a firewall
– FIN scan
  – Closed port responds with an RST packet
– UDP scan
  – Closed port responds with an ICMP “Port Unreachable” message
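The flag combinations on these two slides are also what a defender sees in firewall logs. As an added example (not from the textbook), this POSIX shell script classifies netfilter/iptables LOG lines by the flag set listed above; the log lines and the 192.0.2.x addresses are constructed samples.

```shell
#!/bin/sh
# Added example, not the textbook's code: classify TCP flag sets from
# netfilter/iptables LOG lines into the scan types named on the slides.
# SAMPLE_LOG is constructed; the kernel prints flag words in the order
# URG ACK PSH RST SYN FIN between the RES= and URGP= fields.
SAMPLE_LOG='kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.20 PROTO=TCP SPT=40001 DPT=22 WINDOW=1024 RES=0x00 SYN URGP=0
kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.20 PROTO=TCP SPT=40002 DPT=80 WINDOW=1024 RES=0x00 URGP=0
kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.20 PROTO=TCP SPT=40003 DPT=443 WINDOW=1024 RES=0x00 URG PSH FIN URGP=0
kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.20 PROTO=TCP SPT=40004 DPT=25 WINDOW=1024 RES=0x00 FIN URGP=0
kernel: IN=eth0 OUT= SRC=192.0.2.10 DST=192.0.2.20 PROTO=TCP SPT=40005 DPT=3389 WINDOW=1024 RES=0x00 ACK URGP=0
kernel: IN=eth0 OUT= SRC=192.0.2.30 DST=192.0.2.20 PROTO=UDP SPT=5353 DPT=53 LEN=40'

tcp_flags() {
    # Print the flag words between RES= and URGP=; empty for a NULL scan.
    printf '%s\n' "$1" | awk '{
        out = ""; on = 0
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^URGP=/) on = 0
            if (on) out = (out == "" ? $i : out " " $i)
            if ($i ~ /^RES=/) on = 1
        }
        print out
    }'
}

classify_flags() {
    # Map a flag set to the slide's scan type. A lone SYN is also how every
    # normal connection starts, so one SYN proves nothing by itself; it is the
    # number of distinct destination ports per source that marks a SYN scan.
    case "$1" in
        "")            echo NULL ;;
        "URG PSH FIN") echo XMAS ;;
        FIN)           echo FIN ;;
        SYN)           echo SYN ;;
        ACK)           echo ACK ;;
        *)             echo OTHER ;;
    esac
}

classify_log() {
    # Print "<type> <source> <destination port>" for each TCP line in $1.
    printf '%s\n' "$1" | while IFS= read -r line; do
        case "$line" in *PROTO=TCP*) ;; *) continue ;; esac
        src=$(printf '%s\n' "$line" | sed -n 's/.*SRC=\([^ ]*\).*/\1/p')
        dpt=$(printf '%s\n' "$line" | sed -n 's/.*DPT=\([^ ]*\).*/\1/p')
        echo "$(classify_flags "$(tcp_flags "$line")") $src $dpt"
    done
}

classify_log "$SAMPLE_LOG"
```

Feed real LOG lines in through `classify_log "$(journalctl -k)"` or a saved kern.log; the UDP line is skipped because the slide's UDP scan is recognised by ICMP replies, not TCP flags.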

Using Port-Scanning Tools
– Port-scanning tools
  – Hundreds available
  – Not all are accurate
– Be familiar with a variety
– Practice often
– Some tools include:
  – Nmap
  – Unicornscan
  – Nessus and OpenVAS

Nmap
– Originally written for Phrack magazine
  – One of the most popular tools
  – New features frequently added
– GUI front end
  – Zenmap
– Standard tool for security professionals
  – Command: nmap followed by a target IP address
  – Scans every port on the computer with that IP address

Figure 5-2 The Nmap help screen

Unicornscan
– Developed to assist with large network tests
  – Ideal for large-scale endeavors
  – Scans 65,535 ports in three to seven seconds
– Handles port scanning using:
  – TCP
  – ICMP
  – IP
– Optimizes UDP scanning

Nessus and OpenVAS
– Nessus
  – First released in 1998
  – No longer under the GPL license
  – Still available for download
– OpenVAS
  – Open-source fork of Nessus
  – Performs complex queries while the client interfaces with the server
  – Capable of updating security check plug-ins
    – Security test programs (scripts)

Figure 5-3 OpenVAS with a safe checks warning

Figure 5-4 OpenVAS discovers a vulnerability

Conducting Ping Sweeps
– Ping sweeps
  – Identify which IP addresses belong to active hosts
  – Ping a range of IP addresses
– Problems
  – Computers that are shut down cannot respond
  – Networks may be configured to block ICMP Echo Requests
  – Firewalls may filter out ICMP traffic

FPing
– Pings multiple IP addresses simultaneously
– Accepts a range of IP addresses
  – Entered at a command prompt
  – File containing multiple IP addresses
– Input file
  – Usually created with a shell-scripting language

Figure 5-5 Fping parameters

Figure 5-6 Results of an Fping command

Hping
– Used to:
  – Perform ping sweeps
  – Bypass filtering devices
– Allows users to inject modified IP packets
– Powerful tool
  – All security testers must be familiar with the tool
  – Supports many parameters

Figure 5-7 Hping help, page 1

Figure 5-8 Hping help, page 2

Figure 5-9 Hping help, page 3

Crafting IP Packets
– Packet components
  – Source IP address
  – Destination IP address
  – Flags
– Helps obtain information about a service
– Tools:
  – Hping
  – Fping

Understanding Scripting
– Modify tools to better suit your needs
– Customized scripts
  – Automate tasks
  – Save time
  – Require basic programming skills

Scripting Basics
– Similar to DOS batch programming
– Script or batch file
  – Text file
  – Contains multiple commands
– Repetitive commands
  – Good candidates for scripting
– Practice is the key

Table 5-1 Summary of vi commands

Figure 5-10 A shell script
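The FPing slide says the input file is usually produced by a shell script, and Figure 5-10 shows one. The script below is an added POSIX shell example, not the textbook's Figure 5-10 code, for an inventory sweep of one subnet you administer; the prefix 192.0.2, the file name targets.txt and the range checks are my assumptions.

```shell
#!/bin/sh
# Added example (not the textbook's Figure 5-10 script): build the one-address-
# per-line input file that fping reads with -f, for a range inside a /24.
# The prefix 192.0.2 and the file name targets.txt below are placeholders.

is_octet() {
    # True when $1 is a whole number between 0 and 255.
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -le 255 ]
}

ip_range() {
    # Usage: ip_range PREFIX START END  -> prints PREFIX.START .. PREFIX.END
    # Returns 1 (and prints nothing) if START/END are not octets or START > END.
    prefix=$1
    start=$2
    end=$3
    is_octet "$start" && is_octet "$end" && [ "$start" -le "$end" ] || {
        echo "ip_range: expected PREFIX START END with 0 <= START <= END <= 255" >&2
        return 1
    }
    i=$start
    while [ "$i" -le "$end" ]; do
        printf '%s.%s\n' "$prefix" "$i"
        i=$((i + 1))
    done
}

make_target_file() {
    # Write the range to file $4 and print how many addresses it holds.
    # Keeping .0 and .255 (network and broadcast) out is up to the caller's range.
    ip_range "$1" "$2" "$3" > "$4" || return 1
    grep -c . "$4"
}

# Inventory sweep of one subnet: fping -a prints only hosts that answered,
# -f reads the targets from the file the script just wrote.
if [ "${1:-}" = run ]; then
    make_target_file 192.0.2 1 254 targets.txt && fping -a -f targets.txt
fi
```

Hosts that are powered off or behind ICMP filtering (the problems listed on the Conducting Ping Sweeps slide) are simply absent from the -a output, so an empty result is not proof that the range is unused.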

Summary
– Port scanning (i.e., service scanning)
  – Scanning a range of IP addresses
  – Determines running services
– Port scan types
  – SYN
  – ACK
  – FIN

Summary (cont’d.)
– Port-scanning tools
  – Nmap
  – Nessus
  – OpenVAS
  – Unicornscan
– Ping sweeps
  – Determine which computers are “live”
– Scripts
  – Automate time-consuming tasks