Ana Chanaba, Robert Huylo


NMAP

nmap (“network mapper”)
Security tool
- What does your system look like to someone who is trying to break in?
- Find the holes in your security before somebody else does
nmapFE v3.81
- Graphical frontend to nmap
- rpm available at www.insecure.org/nmap
- lab102 & lab103

Basic nmap functions
1.) Host Discovery
- Which hosts are up (IP addresses)
- Ping scans
2.) Port Scanning
- Which ports of a target host have servers listening on them
- Allows a guess of the software and services a machine is running
3.) OS Detection
- TCP/IP fingerprinting

Anatomy of an nmap argument
nmap -sS -PO -O -p 1-1024 134.198.161.*
- -s_ : Scan type
- -P_ : Ping type
- -O : Optional OS detection
- -p #-# : Port range
- IP range: 134.198.161.0/24, 134.198.161.1-254
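As an added example (not part of the original slides), the Python below expands the target notations the slide names (wildcard octet, CIDR, octet range) and the -p port range, and splits a command of the slide's shape into the parts it labels. The option letters come from the slide; the function names and the decision to treat any non-option word as a target are assumptions.

```python
import ipaddress
from itertools import product

def expand_field(field, lo, hi):
    """'5', '*', '1-254' or '22,80,443' -> sorted ints; '*' means the whole lo..hi span."""
    if field == "*":
        return list(range(lo, hi + 1))
    values = set()
    for part in field.split(","):
        start, _, end = part.partition("-")
        values.update(range(int(start), int(end or start) + 1))
    if any(not lo <= v <= hi for v in values):
        raise ValueError(f"value out of range in {field!r}")
    return sorted(values)

def expand_targets(spec):
    """nmap-style target spec -> dotted-quad strings: CIDR (134.198.161.0/24),
    wildcard (134.198.161.*) or octet range (134.198.161.1-254).
    As in nmap, /24 and '*' include the .0 and .255 addresses."""
    if "/" in spec:
        return [str(a) for a in ipaddress.ip_network(spec, strict=False)]
    fields = spec.split(".")
    if len(fields) != 4:
        raise ValueError(f"bad target spec: {spec!r}")
    octets = [expand_field(f, 0, 255) for f in fields]
    return [".".join(map(str, combo)) for combo in product(*octets)]

def parse_nmap_args(argv):
    """Split the slide's command shape (-sS -PO -O -p 1-1024 TARGET...) into its parts;
    only the options the slide names are recognised, anything else is a target."""
    opts = {"scan": None, "ping": None, "os_detect": False, "ports": [], "targets": []}
    i = 0
    while i < len(argv):
        arg = argv[i]
        if arg.startswith("-s"):
            opts["scan"] = arg[2:]            # -sS -> "S" (SYN scan)
        elif arg.startswith("-P"):
            opts["ping"] = arg[2:]            # -PO -> "O" (ping type as written on the slide)
        elif arg == "-O":
            opts["os_detect"] = True
        elif arg == "-p":
            opts["ports"] = expand_field(argv[i + 1], 1, 65535)
            i += 1
        else:
            opts["targets"].extend(expand_targets(arg))
        i += 1
    return opts
```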

1.) Host Discovery
Determine which hosts are up
- Does not include port scans or OS detection
- nmap -sP 134.198.161.*
- Utilizes a variety of messaging protocols: ICMP/TCP/UDP
Firewall interference
- Firewalls check to see if packets are part of a previously established connection
Used before a port scan
- Ping sweep (-sP)
- Check to see if a host is up before scanning its ports

Customizing Pings
- -PO : ICMP
- -PA : TCP ACK
- -PU : UDP
- -PP : ICMP timestamp
- -PM : Netmask request
- -PS : TCP SYN
- -PB : (default) TCP ACK & ICMP
Ping specific ports: nmap -sP -PO25 ….

2.) Port Scanning
Insight into what services a host may be running
“Well-known” or “interesting” ports
- 1-1024
- 65,535 total TCP & UDP ports
Scan displays (for each port)
- Service name
- Port number
- Port state
- Protocol

Scanning Options
nmap -sS …
- TCP SYN scan
- Default port scan for an nmap user with root privileges
- “Half-open”: skips the last step of the 3-way handshake and probes without an actual connection, for stealth
nmap -sT …
- TCP connect() scan
- Default port scan for an nmap user without root privileges
- Requires a full connection, so it is easily detectable

Port States
- open: will accept connections
- filtered: a firewall or other network obstacle is covering the port
- unfiltered or closed: determined to be closed with no obstacles or interference (the most common case)
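Added example, not from the original slides: a small detector run over constructed firewall log lines that flags the half-open pattern the scanning slide describes (SYNs from one source to many ports on one host, never completed by the client's ACK), which is how a defender sees a SYN scan even though no full connection is made. The log format, addresses, thresholds and function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed firewall log (not from the presentation); fields mimic an iptables
# LOG line: epoch time, SRC, DST, destination port, TCP flags (S = SYN, A = ACK).
SAMPLE_LOG = """\
1710000001 SRC=10.0.0.5 DST=134.198.161.254 PROTO=TCP DPT=21 FLAGS=S
1710000001 SRC=10.0.0.5 DST=134.198.161.254 PROTO=TCP DPT=22 FLAGS=S
1710000001 SRC=10.0.0.5 DST=134.198.161.254 PROTO=TCP DPT=23 FLAGS=S
1710000002 SRC=10.0.0.5 DST=134.198.161.254 PROTO=TCP DPT=25 FLAGS=S
1710000002 SRC=10.0.0.5 DST=134.198.161.254 PROTO=TCP DPT=80 FLAGS=S
1710000002 SRC=10.0.0.5 DST=134.198.161.254 PROTO=TCP DPT=443 FLAGS=S
1710000003 SRC=10.0.0.9 DST=134.198.161.254 PROTO=TCP DPT=80 FLAGS=S
1710000003 SRC=10.0.0.9 DST=134.198.161.254 PROTO=TCP DPT=80 FLAGS=A
1710000040 SRC=10.0.0.9 DST=134.198.161.254 PROTO=TCP DPT=443 FLAGS=S
1710000040 SRC=10.0.0.9 DST=134.198.161.254 PROTO=TCP DPT=443 FLAGS=A
"""

LINE_RE = re.compile(r"^(\d+) SRC=(\S+) DST=(\S+) PROTO=TCP DPT=(\d+) FLAGS=(\S+)$")

def parse_log(text):
    """Yield (ts, src, dst, dport, flags); malformed lines are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, src, dst, dport, flags = m.groups()
            yield int(ts), src, dst, int(dport), flags

def detect_syn_scans(text, min_ports=5, window=5):
    """Return {(src, dst): [ports]} for sources whose half-open probes (SYN never
    followed by the client's ACK) hit >= min_ports distinct ports within `window` s."""
    first_syn = defaultdict(dict)    # (src, dst) -> {dport: time of first SYN}
    completed = set()                # (src, dst, dport) where the client sent an ACK
    for ts, src, dst, dport, flags in parse_log(text):
        if flags == "S":
            first_syn[(src, dst)].setdefault(dport, ts)
        elif "A" in flags:
            completed.add((src, dst, dport))
    alerts = {}
    for (src, dst), ports in first_syn.items():
        probes = sorted((ts, p) for p, ts in ports.items() if (src, dst, p) not in completed)
        for i in range(len(probes)):                     # sliding time window
            n = sum(1 for ts, _ in probes[i:] if ts - probes[i][0] <= window)
            if n >= min_ports:
                alerts[(src, dst)] = sorted(p for _, p in probes)
                break
    return alerts
```

A connect() scan would additionally show up in the listening services' own logs, since each probe completes the handshake; the half-open scan leaves only the firewall trace above.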

Scanning Options
Avoid SYN scanning to probe beyond a firewall:
- -sF : Stealth FIN scan
- -sX : Xmas tree scan
- -sN : Null scan
- -sV : Version detection
- -sU : UDP scan
- -sI : Idlescan
- -sA : ACK scan
- -b : Bounce attack (FTP)

3.) OS Detection
nmap -O …
TCP/IP fingerprinting
- OS guess made by looking at the particulars of how a host implements TCP/IP
- Includes a possible range of versions and an “uptime” test
- Fingerprint compared to a DB of known OS fingerprints
Nmap sends seven crafted TCP/IP packets (called tests) and waits for the answers. The results are checked against a database of known results (the OS signature database). This database is a text file that contains the result (signature) answered by each known OS.
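Added example (not the presentation's code and not nmap's): how matching a host's test results against a signature text file works, using a constructed, simplified database written in the spirit of nmap's fingerprint file. The test names, attributes, values and OS labels are made up for illustration and are not real signatures.

```python
# Constructed mini signature file in the spirit of nmap's text OS-fingerprint DB
# (simplified layout; not nmap's real file and not real OS signatures).
SIGNATURE_DB = """\
Fingerprint Linux 2.6 (constructed)
T1(DF=Y%W=16A0|5B4%ACK=S++%Flags=AS)
T2(Resp=N)
PU(DF=N%TOS=C0%RIPTL=148)
Fingerprint Windows XP (constructed)
T1(DF=Y%W=FAF0|4000-FFFF%ACK=S++%Flags=AS)
T2(Resp=Y%DF=N%W=0%ACK=S%Flags=AR)
PU(DF=N%TOS=0%RIPTL=38)
"""

def parse_db(text):
    sigs = []   # [(os_name, {test_name: {attribute: allowed_values}})]
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Fingerprint "):
            sigs.append((line[len("Fingerprint "):], {}))
        elif line and sigs:
            test, body = line.split("(", 1)
            sigs[-1][1][test] = dict(kv.split("=", 1) for kv in body.rstrip(")").split("%"))
    return sigs

def value_matches(observed, allowed):
    """allowed lists alternatives joined by '|'; a hex range is written LO-HI."""
    for alt in allowed.split("|"):
        lo, sep, hi = alt.partition("-")
        try:
            if alt == observed or (sep and int(lo, 16) <= int(observed, 16) <= int(hi, 16)):
                return True
        except ValueError:      # observed value is not hex (e.g. 'S++'): no range match
            pass
    return False

def score(signature, observed):
    total = matched = 0     # fraction of the signature's attributes the host reproduced
    for test, attrs in signature.items():
        seen = observed.get(test, {})
        for key, allowed in attrs.items():
            total += 1
            matched += key in seen and value_matches(seen[key], allowed)
    return matched / total if total else 0.0

def best_guess(db_text, observed):
    ranked = sorted((score(sig, observed), name) for name, sig in parse_db(db_text))
    return ranked[-1][1], ranked[-1][0]   # top-scoring OS name and its score

OBSERVED = {"T1": {"DF": "Y", "W": "5B4", "ACK": "S++", "Flags": "AS"},   # constructed
            "T2": {"Resp": "N"}, "PU": {"DF": "N", "TOS": "C0", "RIPTL": "148"}}
```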

OS Detection
Reasons to hide your OS
- Security: a hacker could base an attack on a host on known weaknesses in the target OS
- Revealing your OS makes it easier to find and successfully run an exploit against any of your devices
- Knowing your OS can also become more dangerous, because people can guess which applications you are running on that OS
- It could be convenient for other software companies to offer you a new OS environment

OS Detection
There are many techniques to fingerprint networking stacks. If you combine enough of them, you can narrow down the OS very tightly. You can start out as simply as "nmap -O -sS targethost".

OS Detection
-O requires root privileges. nmap uses the responses to its probes to create a fingerprint and decide what type of system you are scanning. OS detection is far more effective if at least one open and one closed TCP port are found.

Miscellaneous options
- -A : also turns on OS detection
- -F : tells nmap to scan only the ports registered in nmap-services
- -T4 : causes nmap to go faster
- -I : gives the username that owns each available process
- -iR : instructs nmap to scan random hosts for you

Misc. Options
- -v : verbose. This is a highly recommended option and gives out more information; you can use it twice for greater effect.
- -d : debug mode
- -p : port range; the ports you want to scan
- -T : scan timing or throttling options <Paranoid|Sneaky|Polite|Normal|Aggressive|Insane>
  - Addresses concerns about detection and crashing the host

OS DETECTION
nmap -O 134.198.161.254
nmap -A -T4 -F 134.198.161.101
- RPC services are treated with brute force: an RPC scanner determines the version
nmap -sS -p 80 -O -v 134.198.161.254

References
- nmap & nmapFE man pages
- www.insecure.org
- Text Chp 21.7
- www.linux.org