Network Reconnaissance CS490 - Security in Computing Copyright © 2005 by Scott Orr and the Trustees of Indiana University.

Section Overview
- Web Searches
- Whois Queries
- DNS Queries / Zone Transfers
- Network Reachability
- Port Scanning
- OS Fingerprinting
- User account identification

References
- Security in Computing, 3rd Ed., Chapter 7 (pgs )

Reconnaissance Phases
- Footprinting
- Scanning
- Enumeration
Source: Hacking Exposed: Network Security: Secrets and Solutions, by S. McClure, J. Scambray, and G. Kurtz

Whois Queries
- American Registry for Internet Numbers (ARIN)
  - Domain – IP address blocks
  - Europe, Asia, etc. have their own registries
- Internic – Registered Domain Info
  - Domain name
  - Registrar
  - Name Server addresses
- Registrar Sites
  - Domain location (mailing address)
  - Administrative/Technical Contact info
  - Name Servers

DNS Zone Transfer
- Address (A): maps host name to IP
- Pointer (PTR): maps IP to host name
- Mail Exchanger (MX): identifies mail servers
- Canonical Name (CNAME): host name aliases
- Service (SRV): service identification
- Host Info (HINFO): identifies host type
- Text (TXT): misc. info about host
- Name Server (NS): name server host IP
- A zone transfer extracts the entire DNS database (zone) in one request
- Query tools: nslookup, dig

Network Reachability
- ping: Is the host online?
  - "Not Available" vs. "No Answer"
- traceroute: lists all router hops to the host
  - Most domain names identify location
  - Timeouts at the host may indicate presence of a firewall

Port Scanning
- Checking of all ports on a target
- Banner Grabbing
  - Can look for known service bugs/exploits
  - Can leave a big footprint
- Common Scanners
  - Satan/Saint/Sara
  - Nmap
  - Nessus
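The "big footprint" a scan leaves is what a defender looks for. Added example, not from the lecture: a sliding-window detector run over constructed iptables-style firewall log lines (addresses invented) that flags any source touching a threshold of distinct destination ports within a short window, so a burst against one host is reported while a lone probe half an hour earlier and a normal web client are not.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed iptables-style log lines with a simplified syslog prefix; addresses invented.
SAMPLE_LOG = """\
Mar 10 01:50:00 gw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.80 PROTO=TCP SPT=40100 DPT=3389 SYN
Mar 10 02:14:01 gw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.80 PROTO=TCP SPT=40211 DPT=21 SYN
Mar 10 02:14:01 gw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.80 PROTO=TCP SPT=40212 DPT=22 SYN
Mar 10 02:14:01 gw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.80 PROTO=TCP SPT=40213 DPT=23 SYN
Mar 10 02:14:02 gw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.80 PROTO=TCP SPT=40214 DPT=25 SYN
Mar 10 02:14:02 gw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.80 PROTO=TCP SPT=40215 DPT=80 SYN
Mar 10 02:14:02 gw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.80 PROTO=TCP SPT=40216 DPT=110 SYN
Mar 10 02:14:03 gw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.80 PROTO=TCP SPT=40217 DPT=139 SYN
Mar 10 02:14:03 gw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.80 PROTO=TCP SPT=40218 DPT=443 SYN
Mar 10 02:14:05 gw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.80 PROTO=TCP SPT=51000 DPT=80 SYN
Mar 10 02:14:09 gw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.80 PROTO=TCP SPT=51001 DPT=443 SYN
Mar 10 02:14:30 gw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.0.2.80 PROTO=TCP SPT=51002 DPT=80 SYN
"""

# Timestamp, source, destination and destination port are all we need for the count.
LOG_RE = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ kernel: .*?SRC=(\S+) DST=(\S+).*?DPT=(\d+)")


def parse_log(text):
    """Return (timestamp, src, dst, dport) tuples for every line that matches."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%b %d %H:%M:%S")  # syslog has no year
            events.append((ts, m.group(2), m.group(3), int(m.group(4))))
    return events


def detect_scans(events, window=60, threshold=6):
    """Flag a source that hits >= threshold distinct ports within `window` seconds.

    The window slides over each source's events in time order, so the lone
    3389 probe above neither triggers nor pads the later burst."""
    by_src = defaultdict(list)
    for ts, src, _dst, dpt in events:
        by_src[src].append((ts, dpt))
    alerts = []
    for src, evs in sorted(by_src.items()):
        evs.sort()
        for i, (t0, _) in enumerate(evs):
            ports = {dpt for t, dpt in evs[i:] if (t - t0).total_seconds() <= window}
            if len(ports) >= threshold:
                alerts.append((src, t0.strftime("%b %d %H:%M:%S"), len(ports)))
                break  # one alert per source is enough for a report
    return alerts
```

Tune `window` and `threshold` to the site: a load balancer or monitoring host legitimately touches many ports and belongs on an allow-list before the rule goes live.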

OS Fingerprinting
- FIN Probing
- TCP ISN Sampling
- IPID Sampling
- TCP Timestamp
- TCP Options
- Fragmentation Handling
- TCP Retransmission Timeouts
- TCP Initial Window
- ACK Values
- ICMP Error Quoting
- ICMP Error Message Echo Integrity
- ICMP Error Message Type of Service (TOS)
- ICMP Error Message Limiting

User/Share Identification
- User accounts can provide many openings
- UNIX/Linux
  - finger
  - showmount -e
- Win2000/XP
  - NULL Sessions
  - net view /domain
  - nbtstat -A
- Services
  - EXPN (SMTP)
  - SNMP