Assessing a Target System Source: Chapter 3 Computer Security Fundamentals Chuck Easttom Prentice Hall, 2006

2 Objectives Conduct basic system reconnaissance Use port scanners Derive useful information about a Web site Locate useful information from newsgroup postings Use vulnerability scanners Use port monitoring utilities

3 Introduction Hacker’s goals  Footprint a system Examining a potential target system  Compromise a target  Gain access to that system Your goals  Understanding system auditing Examining your own system  Understanding how hackers gain access  Understanding hacker’s tools

4 Basic Reconnaissance ( 偵察 ) Windows tools for reconnaissance  Nslookup (name server lookup)  Whois (  ARIN (en.wikipedia.org/wiki/ARIN)  Web-based tools  Target Web site  Social engineering

5 Basic Reconnaissance (cont.) Netcraft is an online utility that tells  What Web server software a site is running  What operating system it is using  Other important information  Go to “What’s that site running?”  Type in  Press Enter

6 Basic Reconnaissance (cont.) Tracing IP address  Map all addresses between a system and a target Trace route VisualRoute 

7 Basic Reconnaissance (cont.) Use this information  “Google” names found in your search  “Google” addresses of the administrators, using Google groups

8 Basic Reconnaissance (cont.) Social Engineering  Getting information in a non-technical manner “Dumpster diving” Dupe employees into compromising security

9 Scanning Use information gathered by research and social engineering Scan target for information that reveals vulnerabilities

10 Scanning (cont.) Nmap – Unix or Windows Hping2 – Unix Netcat – Cross-platform Ping – Cross-platform Traceroute – Cross-platform

11 Scanning (cont.) Nmap  ICMP echo request packets  SYN scanning  Version scanning  RPC scans g/wiki/Remote_proce dure_call g/wiki/Remote_proce dure_call  OS fingerprinting capabilities

12 Scanning (cont.) Port and network scanning  Identify which ports are open  Port numbers identify services  These ports should be closed: Unnecessary services Vulnerable services

13 Scanning (cont.) Ports  s00000.htm s00000.htm   _ports.htm _ports.htm

14 Scanning (cont.) NetBrute   Scans a range of IP addresses  For network administrators testing their own networks  Targets one IP  Locates open ports  Locates all shared drives  Identifies O/S and Web server software

15 Scanning (cont.) Cerberus  Various download locations  Checks for a variety of services  Generates an html report  Identifies security flaws in the registry, other areas

16 Scanning (cont.) SATAN  Security Administrator Tool for Analyzing Networks  Unix 

17 Scanning (cont.) Vulnerability ( 弱點 ) Scanning  m m  SAINT Prioritizes results Fast assessment Configurable for increased efficiency  Nessus Up to date and easy to use Updateable plug-ins Detailed reports

18 Port Monitoring and Managing A deeper layer of information gathering  Netstat  Netstat Live k/nsl.htm k/nsl.htm  Active Ports  Fport  TCPView

19 In-Depth Searches Take investigation to a deeper level  Search engines  Newsgroups Information can be used for good or bad purposes

20 Summary Information  The more information you have about the vulnerabilities and weaknesses of your system, the better prepared you are to defend it.  The more information the hacker has about your system’s vulnerabilities and weaknesses, the sooner it will be violated.  The tools in this chapter are for the network and security administrator and are to be used for legal, not illegal, purposes.