Footprinting and Scanning


Protect from (the phases of an attack): target acquisition and information gathering (footprinting, scanning, enumeration), initial access, privilege escalation, covering tracks.

Footprinting: gathering target information to build a profile of the target's security posture.

Scope of footprinting
Organization, region, location.
Open source search: the target's web page (save it offline, e.g. with Teleport), multiple search engines (All-in-One, Dogpile), advanced search (e.g. Yahoo), filings of publicly traded companies (e.g. EDGAR). You can obtain satellite images of a location using TerraServer or by downloading Google Earth.
Countermeasures: remove unnecessary information from web pages; create security policies (see the Site Security Handbook).

Network enumeration
Identify domain names and networks.
Registrar query: in Linux/UNIX issue whois “domain”@whois.crsnic.net. In Windows download SamSpade, enter a DNS server in the right window and perform the query in the left window as shown here.
Organizational and domain query: use the dig function of SamSpade to obtain information about who is responsible for the domain, the primary (authoritative) DNS server, the other DNS servers, etc.
Network query: the ARIN database can provide information on IP blocks assigned to an organization. You can also use the SamSpade IP Block tool.
Countermeasures: only administrative cleanup, because the information is required for registration.

DNS interrogation
Use the Spade tool to check DNS. Use the dig tool in Spade to obtain the authoritative DNS server for the organization (it will also provide the mail server, etc., and their IP numbers).
A zone transfer asks the authoritative name server of an organization for all the information it knows about a domain (it should not provide the information).
A mail relay check asks a mail server to relay mail for you (it should not relay your message).
Countermeasures: deny all unauthorized inbound connections to port 53. You can also set directives on the DNS server (see book). This prevents zone transfers, but not nslookup queries against each IP number.
Network reconnaissance: traceroute (tracert) allows you to study the network topology (identify the nodes in the network). See this example.

Scanning
After obtaining a list of networks and IP addresses, scanning starts.
Ping sweeps (find active machines): use pinger in Windows and nmap in Linux/UNIX. This is an example of pinger.
TCP port scanning (open ports on active machines): SYN and connect scans work with most hosts. SYN is stealthier and may not be logged. In Windows use SuperScan and in Linux/UNIX use nmap. See an example of SuperScan. BUT, hackers use scripts with binary files, not graphical tools.
UDP port scanning: use WUPS in Windows as shown here.
Countermeasures: detection using active ports (see an example of what it logs). Later we will learn to install an IDS program (Snort), the way to protect from ping sweeps and port scanning. NAT is a first step. See more free/shareware security tools here.

More on Scanning
OS detection (stack fingerprinting): probe the TCP/IP stack, because its behaviour varies with the OS. Requires at least one listening port to make the determination. See textbook (pages 69-72) for the types of probe. Why is it important? There are hacker tools that are specific to an OS or network device. In Linux/UNIX use nmap with -O. You can use the Netcraft site to check the OS of a host running a web server. Countermeasures: standards, filtering requests at the firewall.
OS detection (passive signatures): by monitoring traffic, the operating system can be detected, among other things. Siphon is a recent Linux/UNIX tool.
Once the OS is identified, enumeration can take place (to be seen in the next class meeting).