1 CITA 352 Chapter 5 Port Scanning

2 Introduction to Port Scanning
- Finds which services are offered by a host
- Identifies vulnerabilities
  - Open services can be used in attacks: identify a vulnerable port and launch an exploit
- Scans all ports when testing, not just the well-known ports (0-1023)

3 Figure 5-1 The AW Security Port Scanner interface

4 Introduction to Port Scanning (cont'd.)
Port-scanning programs report:
- Open ports: a service accepted the probe (a TCP SYN/ACK came back, or a UDP service replied)
- Closed ports: the host answered, but nothing is listening (a TCP RST, or an ICMP Port Unreachable for UDP)
- Filtered ports: no answer at all, or an ICMP "administratively prohibited" error, usually because a firewall dropped the probe
- Best-guess running OS, from fingerprinting the differences in how each TCP/IP stack answers the probes

5 Types of Port Scans
- SYN scan: the "stealthy" or half-open scan. The scanner sends a SYN; a SYN/ACK reply means the port is open, an RST means it is closed. An open port gets an RST back instead of the final ACK, so the handshake is never completed and the listening application never sees a connection (a network IDS still sees the SYN, so "stealthy" only means invisible to the application's own log)
- Connect scan: completes the three-way handshake with the operating system's connect() call. No raw-socket privileges are needed, but the target application accepts the connection and can log it
- NULL scan: all TCP flags are turned off
- XMAS scan: FIN, PSH and URG flags are set

6 Types of Port Scans (cont'd.)
- ACK scan: used to find out what a firewall lets through rather than which ports are open. An unfiltered port answers a bare ACK with an RST; no reply means the port is filtered. It cannot tell open from closed, so it is a firewall-mapping scan, not a service scan
- FIN scan: closed port responds with an RST packet; an open port silently drops the segment
  - FIN, NULL and XMAS scans all rely on that RFC 793 behaviour. Windows (and some other stacks) replies with an RST regardless of port state, so against those hosts every port appears closed
- UDP scan: closed port responds with an ICMP "Port Unreachable" message; no reply means open or filtered. Hosts rate-limit ICMP errors, so UDP scans of many ports are slow
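The open / closed / filtered classification from slides 4 to 6, done for the one scan type that needs no privileges. This is an added example, not code from the CITA 352 slides or from any scanner: it performs a connect scan against a loopback listener that is constructed here for the demo, and it records the side effect the slide warns about, namely that the probed service's accept() fires. SYN, ACK, FIN, NULL and XMAS probes need raw sockets (root) and are not shown.

```python
"""TCP connect scan with open / closed / filtered classification.

Added example, not code from the CITA 352 slides or from any scanner.
A connect scan uses only the operating system's connect() call, so it
needs no privileges, but it completes the three-way handshake: the
target application's accept() returns and the probe lands in its logs.
SYN, ACK, FIN, NULL and XMAS scans need raw sockets (root) and are not
shown here. The loopback listener below is constructed for the demo.
"""
import errno
import socket
import threading
import time


def classify_port(host, port, timeout=1.0):
    """Return 'open', 'closed' or 'filtered' for one TCP port.

    open     - connect() succeeded: SYN/ACK came back, handshake completed
    closed   - connection refused: the host answered the SYN with an RST
    filtered - nothing came back before the timeout (a firewall dropped
               the SYN), or the kernel reported an ICMP unreachable error
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
        except socket.timeout:
            return "filtered"
        except ConnectionRefusedError:
            return "closed"
        except OSError as exc:
            if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
                return "filtered"   # ICMP unreachable; Nmap reports these as filtered too
            raise
        return "open"


def connect_scan(host, ports, timeout=1.0):
    """Scan the given ports and return {port: state}."""
    return {port: classify_port(host, port, timeout) for port in ports}


class LoggingListener:
    """Minimal TCP service that records every accepted connection, which is
    exactly the trace a connect scan leaves in a real service's log."""

    def __init__(self, host="127.0.0.1"):
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.bind((host, 0))               # port 0: the OS picks a free port
        self.sock.listen(5)
        self.port = self.sock.getsockname()[1]
        self.peers = []                         # (ip, port) of every scanner seen
        threading.Thread(target=self._serve, daemon=True).start()

    def _serve(self):
        while True:
            try:
                conn, peer = self.sock.accept()
            except OSError:
                return                          # listener closed
            self.peers.append(peer)
            conn.close()

    def close(self):
        try:
            self.sock.shutdown(socket.SHUT_RDWR)  # wakes the blocked accept()
        except OSError:
            pass
        self.sock.close()


def demo():
    """Scan one listening port and one port nobody listens on, on localhost.
    Returns (scan result, listening port, unused port, connections logged)."""
    listener = LoggingListener()
    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))                # reserve a free port, then release it
    unused_port = spare.getsockname()[1]
    spare.close()

    result = connect_scan("127.0.0.1", [listener.port, unused_port])

    deadline = time.monotonic() + 2.0           # give the accept thread a moment
    while not listener.peers and time.monotonic() < deadline:
        time.sleep(0.01)
    listener.close()
    return result, listener.port, unused_port, len(listener.peers)


if __name__ == "__main__":
    states, open_port, closed_port, logged = demo()
    print(states)
    print("connections the probed service logged:", logged)
```

The third exception branch matters in practice: a router that answers with ICMP host-unreachable makes connect() fail with EHOSTUNREACH, which is neither a refusal nor a timeout, and a scanner that only distinguishes those two would misreport it.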

7 Using Port-Scanning Tools
- Hundreds available
- Not all are accurate
- Be familiar with a variety
- Practice often
- Some tools include:
  - Nmap
  - Unicornscan
  - Nessus and OpenVAS

8 Nmap
- Originally written for Phrack magazine (issue 51, 1997)
- One of the most popular tools; new features frequently added
- GUI front end: Zenmap
- Standard tool for security professionals
- Command: nmap <IP address> scans the computer with this IP address. By default Nmap probes only the 1,000 most common TCP ports; use -p- to scan all 65,535 ports, as the "scan all ports" rule on slide 2 requires

9 Figure 5-2 The Nmap help screen
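Once a scan covers every port on a subnet, the result is triaged from Nmap's machine-readable output rather than from the screen. The parser below is an added example, not code from the CITA 352 slides or from the Nmap project; it reads grepable output (the -oG format, whose "Ports:" field holds seven slash-separated fields per port: port/state/protocol/owner/service/rpc-info/version/) and extracts the open ports per host. The scan output it parses is constructed for this example.

```python
"""Parse Nmap grepable output (-oG) into per-host open-port lists.

Added example, not code from the CITA 352 slides or from the Nmap
project. SAMPLE_OG is constructed for this example and follows the
-oG layout: each host line has tab-separated "Host:", "Ports:" and
"Ignored State:" fields, and each port entry has seven slash-separated
fields: port/state/protocol/owner/service/rpc-info/version/.
"""
import re

SAMPLE_OG = """\
# Nmap 7.94 scan initiated Mon Jan  1 00:00:00 2024 as: nmap -sS -p- -oG scan.gnmap 192.0.2.0/29
Host: 192.0.2.1 ()\tStatus: Up
Host: 192.0.2.1 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9/, 80/open/tcp//http//nginx/, 443/filtered/tcp//https///\tIgnored State: closed (65532)
Host: 192.0.2.2 (db.lab)\tStatus: Up
Host: 192.0.2.2 (db.lab)\tPorts: 3306/open/tcp//mysql///\tIgnored State: filtered (65534)
# Nmap done at Mon Jan  1 00:00:12 2024 -- 8 IP addresses (2 hosts up) scanned in 12.34 seconds
"""

HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\((.*?)\)\t(.*)$")


def parse_port_entry(entry):
    """'22/open/tcp//ssh//OpenSSH 8.9/' -> dict of the fields we triage on."""
    fields = entry.strip().split("/")      # 7 fields plus '' after the final '/'
    return {
        "port": int(fields[0]),
        "state": fields[1],
        "proto": fields[2],
        "service": fields[4],
        "version": fields[6],
    }


def parse_gnmap(text):
    """Return {ip: {"hostname": str, "ports": [entry, ...]}} for every host
    line that carries a Ports: field. Comment and Status-only lines are skipped."""
    hosts = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue
        ip, hostname, rest = m.groups()
        # remaining tab-separated fields look like 'Ports: ...', 'Ignored State: ...'
        fields = dict(f.split(": ", 1) for f in rest.split("\t") if ": " in f)
        if "Ports" not in fields:
            continue
        entries = [parse_port_entry(e) for e in fields["Ports"].split(",")]
        hosts[ip] = {"hostname": hostname, "ports": entries}
    return hosts


def open_ports(hosts, proto="tcp"):
    """{ip: sorted open port numbers}: the list that goes on to service probing."""
    return {
        ip: sorted(e["port"] for e in info["ports"]
                   if e["state"] == "open" and e["proto"] == proto)
        for ip, info in hosts.items()
    }


if __name__ == "__main__":
    parsed = parse_gnmap(SAMPLE_OG)
    for ip, ports in open_ports(parsed).items():
        print(ip, parsed[ip]["hostname"] or "-", ports)
```

Filtered ports are kept in the parsed structure but left out of the open list; when the "Ignored State" for a host is filtered rather than closed, as for 192.0.2.2 above, a firewall is in front of it and the ACK scan from slide 6 is the next step.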

10 Unicornscan
- Developed to assist with large network tests; ideal for large-scale endeavors
- Scans 65,535 ports in three to seven seconds
- Handles port scanning using:
  - TCP
  - ICMP
  - IP
- Optimizes UDP scanning

11 Nessus and OpenVAS
- Nessus
  - First released in 1998
  - No longer under the GPL license (the code went proprietary with Nessus 3 in 2005)
  - Still available for download
- OpenVAS
  - Open-source fork of Nessus, started from the last GPL release
  - Performs complex queries while the client interfaces with the server
  - Capable of updating its security check plug-ins, the security test programs (scripts) that probe for each vulnerability

12 Figure 5-3 OpenVAS with a safe checks warning

13 Figure 5-4 OpenVAS discovers a vulnerability

14 Conducting Ping Sweeps
- Identify which IP addresses belong to active hosts
- Ping a range of IP addresses
- Problems
  - Shut-down computers cannot respond
  - Networks may be configured to block ICMP Echo Requests
  - Firewalls may filter out ICMP traffic
  - So a host that does not answer a ping is not necessarily down: follow up with TCP probes to common ports, or tell Nmap to skip host discovery with -Pn and scan every address anyway

15 FPing
- Pings multiple IP addresses simultaneously
- Accepts a range of IP addresses entered at a command prompt (the -g option generates the target list from a range or CIDR block)
- Or a file containing multiple IP addresses, one per line (the -f option)
  - Input file is usually created with a shell-scripting language

16 Figure 5-5 Fping parameters

17 Figure 5-6 Results of an Fping command

18 Hping
- Used to:
  - Perform ping sweeps
  - Bypass filtering devices
- Allows users to inject modified IP packets: any header field, TCP flag combination or payload can be set by hand, so it can send the SYN, ACK, FIN, NULL and XMAS probes from slides 5 and 6 one packet at a time
- Powerful tool; all security testers must be familiar with it
- Supports many parameters (the current version is hping3)

19 Figure 5-7 Hping help, page 1

20 Figure 5-8 Hping help, page 2

21 Figure 5-9 Hping help, page 3

22 Crafting IP Packets
- Packet components
  - Source IP address
  - Destination IP address
  - Flags
- Helps obtain information about a service: how a port answers an unusual flag combination reveals whether it is open, closed or filtered, and how the stack answers reveals the operating system
- Tools:
  - Hping, which crafts arbitrary packets
  - Fping, which only sends ICMP Echo Requests
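What a packet crafter such as hping actually assembles for the flag-based scans on slides 5 and 6 is shown below. This is an added example, not code from the CITA 352 slides or from hping: it builds a raw TCP header with a chosen flag combination (SYN, ACK, FIN, NULL or XMAS), computes the checksum over the IPv4 pseudo-header plus the segment, and decodes the result. Putting it on the wire needs a raw socket (root) and is deliberately left out; the addresses and ports are made up.

```python
"""Hand-crafting a TCP segment: header fields, flag bits and checksum.

Added example, not code from the CITA 352 slides or from hping. It
builds the bytes a packet crafter sends for the flag-based scans on
slides 5 and 6 and verifies them. Sending needs a raw socket (root)
and is not shown. The 192.0.2.x addresses and ports are made up.
"""
import socket
import struct

# TCP flag bits (RFC 793), lowest bit first
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

SCAN_FLAGS = {
    "syn":  SYN,
    "ack":  ACK,
    "fin":  FIN,
    "null": 0,                  # every flag turned off
    "xmas": FIN | PSH | URG,    # 0x29, "lit up like a Christmas tree"
}


def inet_checksum(data):
    """RFC 1071 ones'-complement sum over 16-bit words, complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                              # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def pseudo_header(src_ip, dst_ip, tcp_len):
    """IPv4 pseudo-header (src, dst, zero, protocol 6, TCP length). The TCP
    checksum covers it, so a segment whose addresses are spoofed or
    rewritten fails the check unless the checksum is recomputed."""
    return struct.pack("!4s4sBBH", socket.inet_aton(src_ip),
                       socket.inet_aton(dst_ip), 0, 6, tcp_len)


def build_tcp_segment(src_ip, dst_ip, sport, dport, flags,
                      seq=0, ack=0, window=1024):
    """Return a 20-byte TCP header (no options, no payload) with a valid checksum."""
    data_offset = 5 << 4                            # 5 x 32-bit words, reserved bits 0
    header = struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                         data_offset, flags, window, 0, 0)
    csum = inet_checksum(pseudo_header(src_ip, dst_ip, len(header)) + header)
    return header[:16] + struct.pack("!H", csum) + header[18:]   # bytes 16-17 hold the checksum


def parse_tcp_header(segment):
    """Decode the fixed part of a TCP header into a dict."""
    sport, dport, seq, ack, off, flags, window, csum, urg = \
        struct.unpack("!HHIIBBHHH", segment[:20])
    return {"sport": sport, "dport": dport, "seq": seq, "ack": ack,
            "header_len": (off >> 4) * 4, "flags": flags,
            "window": window, "checksum": csum, "urgptr": urg}


def checksum_ok(src_ip, dst_ip, segment):
    """Receiver-side check: the sum over pseudo-header plus segment,
    with the checksum field included, must complement to zero."""
    return inet_checksum(pseudo_header(src_ip, dst_ip, len(segment)) + segment) == 0


def flag_names(flags):
    """[ 'FIN', 'PSH', 'URG' ] style list for a flags byte."""
    bits = [("FIN", FIN), ("SYN", SYN), ("RST", RST),
            ("PSH", PSH), ("ACK", ACK), ("URG", URG)]
    return [name for name, bit in bits if flags & bit]


if __name__ == "__main__":
    for scan, flags in SCAN_FLAGS.items():
        seg = build_tcp_segment("192.0.2.10", "192.0.2.20", 40000, 80, flags)
        print("%-5s flags=%s %s" % (scan, flag_names(flags) or ["none"], seg.hex()))
```

The pseudo-header is why "just change the source address" does not work for a spoofed probe: the scanner must recompute the checksum for every forged source, which is also what makes a mismatched checksum a cheap detection signal for hand-built packets.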

23 Understanding Scripting
- Modify tools to better suit your needs
- Customized scripts automate tasks and save time
- Requires basic programming skills

24 Scripting Basics
- Similar to DOS batch programming
- Script or batch file: a text file that contains multiple commands
- Repetitive commands are good candidates for scripting
- Practice is the key

25 Table 5-1 Summary of vi commands

26 Figure 5-10 A shell script
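The repetitive task that slides 14, 15, 23 and 24 keep circling is the same one: expand a list of targets, probe each, and keep the ones that answered. The script below is an added example in Python rather than the shell script of Figure 5-10, and it is not code from the CITA 352 slides or from fping. It reads targets from a file in the way fping -f does and expands ranges and CIDR blocks the way fping -g does (the accepted spec formats are this example's own assumption), and because ICMP Echo needs a raw socket, it discovers hosts with a TCP probe, which is also the fallback that works when a network blocks ICMP. The target file and addresses are constructed for the demo.

```python
"""Host-discovery sweep driven by a target file or range, as a rerunnable script.

Added example, not code from the CITA 352 slides or from fping. The
target spec formats below are modelled on fping -f / -g but are this
example's own assumption. ICMP Echo needs a raw socket (root), so the
probe is a TCP connect, which also works where ICMP is filtered.
TARGET_FILE and the 192.0.2.x addresses are constructed for the demo.
"""
import ipaddress
import socket
from concurrent.futures import ThreadPoolExecutor


def expand_targets(spec):
    """Turn one target spec into a list of IPv4 address strings.

    Accepted forms (an assumption of this example):
      10.0.0.5              single host
      10.0.0.0/29           CIDR block; network and broadcast excluded
      10.0.0.10-10.0.0.12   inclusive range
      10.0.0.10-12          inclusive range, only the last octet repeated
    """
    spec = spec.strip()
    if "/" in spec:
        return [str(h) for h in ipaddress.ip_network(spec, strict=False).hosts()]
    if "-" in spec:
        first, last = spec.split("-", 1)
        if "." not in last:                        # short form: borrow the first three octets
            last = first.rsplit(".", 1)[0] + "." + last
        lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
        if hi < lo:
            raise ValueError("range end before start: %s" % spec)
        return [str(ipaddress.ip_address(int(lo) + i)) for i in range(int(hi) - int(lo) + 1)]
    return [str(ipaddress.ip_address(spec))]


def load_targets(lines):
    """Read target specs, one per line with '#' comments, from any iterable of
    lines (an open file works) and return the unique hosts in file order."""
    seen, hosts = set(), []
    for line in lines:
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        for host in expand_targets(line):
            if host not in seen:
                seen.add(host)
                hosts.append(host)
    return hosts


def tcp_probe(host, port, timeout=0.5):
    """'TCP ping': the host is alive if the port answers at all. A refused
    connection (RST) proves the host is up just as well as an accepted one;
    only silence or an unreachable error counts as down or filtered."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return True
        except ConnectionRefusedError:
            return True
        except OSError:
            return False


def sweep(hosts, port, workers=32):
    """Probe every host in parallel and return those that answered, in order."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        alive = list(pool.map(lambda h: tcp_probe(h, port), hosts))
    return [host for host, up in zip(hosts, alive) if up]


# Constructed stand-in for a targets.txt handed to fping -f
TARGET_FILE = """
# lab subnet
192.0.2.0/29
192.0.2.10-12        # jump hosts
192.0.2.10           # duplicate, dropped by load_targets
127.0.0.1            # ourselves, the only host that can answer offline
"""

if __name__ == "__main__":
    targets = load_targets(TARGET_FILE.splitlines())
    print("%d unique targets" % len(targets))
    for host in sweep(targets, port=22):
        print(host, "is alive")
```

To run it against a real file, replace the constructed TARGET_FILE with `load_targets(open("targets.txt"))`; the probe port should be one the target population is likely to answer on (22 or 445 internally, 80 or 443 for Internet-facing hosts), since a dropped SYN on an unused port looks exactly like a down host.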

