CIT 380: Securing Computer Systems
Slide #1: Scanning
Slide #2: War Driving
Finding wireless access points.

Slide #3: NetStumbler
Sends out ESSID "any" and waits for access points to respond. Free.
(Figure 6.1 on page 244)

Slide #4: Wellenreiter
Passively discovers wireless systems. Linux.
(Figure 6.2 on page 246)

Slide #5: ESSID-Jack
(Figure 6.3 on page 248)

Slide #6: Defenses
Use the WPA protocol.
Use an ESSID that does not identify you.
Use a VPN.
Detect rogue access points.

Slide #7: War Dialing
Attacker dials a range of numbers looking for modems.
THC-Scan (Figure 6.4 on page 255):
  Random dialing
  Random waiting time
  Nudging to identify the system from banners and login prompts

Slide #8: War Dialing
Look for systems without passwords.
Look for default passwords.
Run a list of passwords.

Slide #9: Why Modems?
To allow access to routers, etc.
To bypass VPNs (rogue modems).

Slide #10: Defenses
Modem policy.
Test for rogue modems.

Slide #11: Topics
1. Port Scanning
2. Stealth Scanning
3. Version Identification
4. OS Fingerprinting
5. Vulnerability Scanning

Slide #12: Port Scanning
Method of discovering exploitable communication channels by probing networked hosts to find which TCP and UDP ports they are listening on.

Slide #13: nmap
Written by Fyodor.
Table 6.2 on pages

Slide #14: nmap TCP connect() scan

  > nmap -sT at204m02
  (1645 ports scanned but not shown are in state: closed)
  PORT     STATE SERVICE
  22/tcp   open  ssh
  80/tcp   open  http
  111/tcp  open  rpcbind
  443/tcp  open  https
  515/tcp  open  printer
  2049/tcp open  nfs
  4045/tcp open  lockd
  5432/tcp open  postgres
  5901/tcp open  vnc
  /tcp     open  X
  /tcp     open  sometimes-rpc13
  Nmap run completed -- 1 IP address (1 host up) scanned in seconds

Slide #15: Scanning Techniques
1. TCP connect() scan
2. TCP SYN scan
3. TCP FIN scan
4. TCP Xmas scan
5. TCP Null scan
6. TCP ACK scan
7. Fragmentation scan
8. FTP bounce scan
9. Idle scan
10. UDP scan

Slide #16: TCP connect() scan
Uses the connect() system call on each port, following the normal TCP connection protocol (3-way handshake). connect() succeeds if the port is listening.
Advantages: fast, requires no privileges.
Disadvantages: easily detected and blocked, since every probe completes a full connection that the target can log.

Slide #17: TCP SYN Scan
Send a SYN packet and wait for the response:
  SYN+ACK: port is open; send RST to tear down the half-open connection.
  RST: port is closed.
Advantage: less likely to be logged or blocked.
Disadvantage: requires root privilege.

Slide #18: TCP FIN scan
Send a TCP FIN packet and wait for the response:
  No response: port is open.
  RST: port is closed.
Advantages: more stealthy than a SYN scan.
Disadvantages: MS Windows does not follow the standard (RFC 793) and responds with RST in both cases; requires root privilege.

Slide #19: Xmas and Null Scans
Similar to the FIN scan with different flag settings.
Xmas scan: sets the FIN, URG, and PUSH flags.
Null scan: turns off all TCP flags.

Slide #20: TCP ACK Scan
Does not identify open ports. Used to determine the firewall type:
  Packet filter (identifies responses by the ACK bit)
  Stateful
Send a TCP ACK packet to the specified port:
  RST: port is unfiltered (the packet got through).
  No response or ICMP unreachable: port is filtered.

Slide #21: Fragmentation Scan
Modifies a TCP stealth scan (SYN, FIN, Xmas, Null) to use tiny fragmented IP datagrams.
Advantages: increases the difficulty of scan detection and blocking.
Disadvantages: does not work on all OSes, and may crash some firewalls/sniffers.
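As an added example (not part of the slides), the response rules from slides 16 through 21 turned into a small detector a defender could run over captured TCP headers: it flags the Xmas, Null and lone-FIN flag patterns, bare ACKs with no preceding SYN (ACK probes), SYNs spread across many ports (connect() and SYN scans), and first fragments too short to carry the TCP header (the fragmentation trick). The Packet record, sample traffic and the sweep threshold are constructed assumptions.

```python
from collections import defaultdict, namedtuple

# TCP flag bits as laid out in the TCP header (RFC 793)
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
# Flag combinations that normal TCP stacks never send (slides 18 and 19);
# a lone FIN is listed because a real teardown carries FIN together with ACK
PATTERNS = {0: "null", FIN | URG | PSH: "xmas", FIN: "fin"}

# Constructed packet record: flags are only meaningful in the first fragment
Packet = namedtuple("Packet", "src dst dport flags frag_offset more_frags payload_len",
                    defaults=(0, False, 20))

def flag_pattern(p):
    """Label a packet whose flag combination or fragmentation never occurs in normal traffic."""
    if p.frag_offset == 0 and p.more_frags and p.payload_len < 20:
        return "tiny-fragment"   # too short to hold a TCP header, so the flags are hidden
    if p.frag_offset > 0:
        return None              # later fragments carry no TCP header to classify
    return PATTERNS.get(p.flags)

def detect_scans(packets, sweep_threshold=10):
    """Per-source findings: stealth flag patterns, bare ACKs with no preceding SYN
    (ACK probes) and SYNs fanning out over many ports (connect()/SYN scans)."""
    findings, syn_ports, seen_syn = defaultdict(set), defaultdict(set), set()
    for p in packets:
        label = flag_pattern(p)
        if label:
            findings[p.src].add(label)
        elif p.frag_offset == 0 and p.flags == SYN:
            seen_syn.add((p.src, p.dst, p.dport))        # handshake started
            syn_ports[(p.src, p.dst)].add(p.dport)
        elif p.frag_offset == 0 and p.flags == ACK and (p.src, p.dst, p.dport) not in seen_syn:
            findings[p.src].add("ack-probe")             # stateful check from slide 20
    for (src, _dst), ports in syn_ports.items():
        if len(ports) > sweep_threshold:
            findings[src].add("syn-sweep")
    return {src: sorted(labels) for src, labels in findings.items()}

# Constructed sample traffic, not a real capture
SAMPLE = (
    [Packet("10.0.0.5", "10.0.0.9", port, SYN) for port in range(20, 40)]  # 20-port SYN sweep
    + [Packet("10.0.0.6", "10.0.0.9", 80, FIN | URG | PSH),                # Xmas probe
       Packet("10.0.0.6", "10.0.0.9", 22, 0),                              # Null probe
       Packet("10.0.0.7", "10.0.0.9", 443, SYN, 0, True, 8),               # tiny first fragment
       Packet("10.0.0.8", "10.0.0.9", 80, SYN),                            # normal handshake
       Packet("10.0.0.8", "10.0.0.9", 80, ACK),
       Packet("10.0.0.10", "10.0.0.9", 25, ACK)]                           # bare ACK probe
)
```

Calling detect_scans(SAMPLE) reports the sweep, the Xmas/Null source, the tiny fragment and the ACK probe, while the normal handshake from 10.0.0.8 produces no finding.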