Presentation is loading. Please wait.

Presentation is loading. Please wait.

Footprinting and Scanning

Published byToby Garrett Modified over 6 years ago

Similar presentations

Presentation on theme: "Footprinting and Scanning"— Presentation transcript:

1 Footprinting and Scanning

2 Protect from Target acquisition and information gathering
footprinting scanning enumeration initial access privilege escalation covering tracks

3 Footprinting gathering target information profile of security posture

4 Scope of footprinting Organization, region, location
open source search web page (save it offline, e.g. teleport ) yahoo or other directories search engines (Google , Bing, etc.) publicly trade companies (e.g. EDGAR) satellite images of a location using Google Earth. countermeasures remove unnecessary information from web pages create security policies (see Site Security Handbook)

5 Network enumeration Identify domain names and networks
registrar query. In Linux/UNIX issue whois In Windows download whois and use it at the command prompt whois “domain” as shown in this example. You can also do this online at ARIN or use the Dossier option in the CentralOps site. You can also use the Spade tool to get some of this information. Please note that ARIN is only one of the Regional Internet Registries. Another source of information is IANA. Please note the address, phone numbers, IP blocks assigned to the organization, administrator’s , etc. countermeasures: only administrative cleanup, because the information is required for registration.

6 DNS interrogation Use the Spade tool to check DNS.
Use the dig tool in Spade to obtain the authoritative DNS for the organization (it will also provide mail server, etc, IP numbers). A zone transfer asks the authoritative name server of an organization for all the information it knows about a domain (it should not provide the information). Mail relay check asks a mail server to relay mail for you (it should not relay your message). Countermeasures: deny all unauthorized inbound connections to port 53. You can also set directives at the DNS server. This prevents zone transfer, but not nslookup to each IP number. Network Reconnaissance traceroute (tracert) allows to study the network topology (identify the nodes in the network). See this example.

7 Scanning After obtaining a list of network and IP addresses scanning starts: ping sweeps (active machines): use nmap in Windows and in Linux/UNIX. TCP port scanning (open ports in active machines): SYN and connect scans work with most hosts. SYN is stealthier and may not be logged. In Windows use SuperScan or Nmap and in Linux/UNIX use nmap. See an example of SuperScan. BUT, hackers use scripts with binary files, not graphical tools. UDP port scanning: use nmap and also online here. countermeasures: detection using TcpView (see an example of what it logs). Later we will learn to install an IDS program (snort), the way to protect from ping sweeps and port scanning. NAT is a first step. See more free/shareware security tools here.

8 More in Scanning OS detection (stack fingerprinting):
probe the TCP/IP stack because it varies with OSs. Requires at least one listening port to make determination. why is it important? There are hacker tools OS and Net device specific. In Linux/UNIX use nmap with -O. You can use the Netcraft site to check the OS of a host running a Web server. countermeasures: standards, filtering requests at firewall. OS detection (passive signatures): monitoring the traffic the operating system can be detected, among other things. Siphon is a recent Linux/UNIX tool, but nmap is the main tool. Once the OS is identified enumeration can take place .

Download ppt "Footprinting and Scanning"

Similar presentations

Module II Footprinting

Module II Footprinting
NetScanTools ® LE Law Enforcement Version of NetScanTools ® from Northwest Performance Software, Inc. netscantools.com.

NetScanTools ® LE Law Enforcement Version of NetScanTools ® from Northwest Performance Software, Inc. netscantools.com.
 Dynamic policies o Change as system security state/load changes o GAA architecture  Extended access control lists  Pre-, mid- and post-conditions,

 Dynamic policies o Change as system security state/load changes o GAA architecture  Extended access control lists  Pre-, mid- and post-conditions,
Scanning Determining if the system is alive IP Scanning Port Scanning War Dialing.

Scanning Determining if the system is alive IP Scanning Port Scanning War Dialing.
Hacking Exposed 7 Network Security Secrets & Solutions Chapter 2 Scanning 1.

Hacking Exposed 7 Network Security Secrets & Solutions Chapter 2 Scanning 1.
Chapter 2 Gathering Target Information: Reconnaissance, Footprinting, and Social Engineering.

Chapter 2 Gathering Target Information: Reconnaissance, Footprinting, and Social Engineering.
System Security Scanning and Discovery Chapter 14.

System Security Scanning and Discovery Chapter 14.
Week 2 -1 Week 2: Footprinting What is Footprinting? –Systematic collection of information on an intended target with the goal to create a complete profile.

Week 2 -1 Week 2: Footprinting What is Footprinting? –Systematic collection of information on an intended target with the goal to create a complete profile.
Week 3-1 Week 3 Scanning Determine if system is alive Determine which services are running or listening Determine the OS.

Week 3-1 Week 3 Scanning Determine if system is alive Determine which services are running or listening Determine the OS.
Chapter 5 Phase 1: Reconnaissance. Reconnaissance  Finding as much information about the target as possible before launching the first attack packet.

Chapter 5 Phase 1: Reconnaissance. Reconnaissance  Finding as much information about the target as possible before launching the first attack packet.
Enumeration. Local IP addresses Local IP addresses (review)  Some special IP addresses  localhost 127.0.0.1 (loopback address)  Internal networks 

Enumeration. Local IP addresses Local IP addresses (review)  Some special IP addresses  localhost (loopback address)  Internal networks 
Port Scanning.

Port Scanning.
Ana Chanaba Robert Huylo

Ana Chanaba Robert Huylo
 Find out initial information ◦ Open Source ◦ Whois ◦ Nslookup  Find out address range of the network ◦ ARIN (American registry for internet numbers)

 Find out initial information ◦ Open Source ◦ Whois ◦ Nslookup  Find out address range of the network ◦ ARIN (American registry for internet numbers)
Information Gathering Lesson 4. Steps for Gathering Information Find out initial information Open Source Whois Nslookup Find out address range of the.

Information Gathering Lesson 4. Steps for Gathering Information Find out initial information Open Source Whois Nslookup Find out address range of the.
Footprinting Richard Newman “If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the.

Footprinting Richard Newman “If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the.
Network Reconnaissance

Network Reconnaissance
CNIT 124: Advanced Ethical Hacking. CASING THE ESTABLISHMENT CASE STUDY.

CNIT 124: Advanced Ethical Hacking. CASING THE ESTABLISHMENT CASE STUDY.
1 Reconnaissance, Network Mapping, and Vulnerability Assessment ECE4112 – Internetwork Security Georgia Institute of Technology.

1 Reconnaissance, Network Mapping, and Vulnerability Assessment ECE4112 – Internetwork Security Georgia Institute of Technology.
CS391 Computer & Network Security

CS391 Computer & Network Security

Similar presentations

Ads by Google