Hands-On Ethical Hacking and Network Defense Second Edition Chapter 5 Port Scanning.


1 Hands-On Ethical Hacking and Network Defense Second Edition Chapter 5 Port Scanning

2 Objectives
After reading this chapter and completing the exercises, you will be able to:
– Describe port scanning and types of port scans
– Describe port-scanning tools
– Explain what ping sweeps are used for
– Explain how shell scripting is used to automate security tasks
Hands-On Ethical Hacking and Network Defense, Second Edition

3 Introduction to Port Scanning
Port scanning
– Finds which services are offered by a host
– Identifies vulnerabilities
Open services can be used in attacks
– Identify a vulnerable port and launch an exploit
Scans all ports when testing
– Not just well-known ports

4 Figure 5-1 The AW Security Port Scanner interface

5 Introduction to Port Scanning (cont’d.)
Port-scanning programs report:
– Open ports
– Closed ports
– Filtered ports
– Best-guess running OS

6 Types of Port Scans
SYN scan
– Stealthy scan
Connect scan
– Completes the three-way handshake
NULL scan
– Packet flags are turned off
XMAS scan
– FIN, PSH and URG flags are set

7 Types of Port Scans (cont’d.)
ACK scan
– Used to get past a firewall
FIN scan
– Closed port responds with an RST packet
UDP scan
– Closed port responds with an ICMP “Port Unreachable” message
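A defender's view of the flag combinations listed on these two slides, as an added example that is not from the textbook: it classifies constructed TCP flow records into the scan types the slides name and flags sources that look like scanners rather than ordinary clients. The sample records, the flag-letter notation and the five-port threshold are assumptions made for the example.

```python
from collections import Counter, defaultdict

# Constructed sample flow records (source IP, destination port, TCP flags in
# tcpdump letters: S=SYN A=ACK F=FIN P=PSH U=URG R=RST; "" means no flags set).
# Made-up values for illustration, not a real capture.
SAMPLE_RECORDS = [
    ("203.0.113.9", 21, "S"), ("203.0.113.9", 22, "S"), ("203.0.113.9", 23, "S"),
    ("203.0.113.9", 25, "S"), ("203.0.113.9", 80, "S"), ("203.0.113.9", 443, "S"),
    ("198.51.100.4", 80, ""), ("198.51.100.4", 443, ""), ("198.51.100.4", 8080, ""),
    ("198.51.100.4", 22, "FPU"), ("198.51.100.4", 25, "FPU"),
    ("192.0.2.77", 443, "S"), ("192.0.2.77", 443, "A"), ("192.0.2.77", 443, "PA"),
]
# Flag combinations the chapter associates with each probe type. A lone SYN or
# lone ACK also occurs in every legitimate handshake, so those are suspicious
# only in volume; a connect scan completes the handshake and cannot be told
# apart from a real client by flags alone.
SCAN_SIGNATURES = {
    frozenset(): "NULL scan",
    frozenset("S"): "SYN probe",
    frozenset("FPU"): "XMAS scan",
    frozenset("A"): "ACK probe",
    frozenset("F"): "FIN scan",
}
# Combinations that never appear in a well-formed TCP exchange.
MALFORMED = {"NULL scan", "XMAS scan", "FIN scan"}

def classify_flags(flags: str) -> str:
    """Map a TCP flag string to the chapter's probe type, or 'other'."""
    return SCAN_SIGNATURES.get(frozenset(flags.upper()), "other")

def summarize(records, port_threshold=5):
    """Per source: distinct ports probed, probe-type counts, and a verdict.
    A source is flagged if it sends any malformed combination or touches at
    least port_threshold distinct ports with probe-shaped packets."""
    per_src = defaultdict(lambda: {"ports": set(), "types": Counter()})
    for src, dport, flags in records:
        kind = classify_flags(flags)
        per_src[src]["types"][kind] += 1
        if kind != "other":
            per_src[src]["ports"].add(dport)
    report = {}
    for src, data in per_src.items():
        flagged = bool(MALFORMED & set(data["types"])) or len(data["ports"]) >= port_threshold
        report[src] = {"distinct_ports": len(data["ports"]),
                       "types": dict(data["types"]), "flagged": flagged}
    return report

if __name__ == "__main__":
    for src, info in summarize(SAMPLE_RECORDS).items():
        print(src, info)
```

The third source opens one ordinary connection to port 443 and is not flagged, which is the point: per-packet flag labels alone are noisy, and breadth of ports or malformed combinations is what separates a scan from a client.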

8 Using Port-Scanning Tools
Port-scanning tools
– Hundreds available
– Not all are accurate
Be familiar with a variety
Practice often
Some tools include:
– Nmap
– Unicornscan
– Nessus and OpenVAS

9 Nmap
Originally written for Phrack magazine
– One of the most popular tools
– New features frequently added
GUI front end
– Zenmap
Standard tool for security professionals
– Command: nmap 193.145.85.201
Scans every port on the computer with this IP address

10 Figure 5-2 The Nmap help screen

11 Unicornscan
Developed to assist with large network tests
– Ideal for large-scale endeavors
– Scans 65,535 ports in three to seven seconds
Handles port scanning using:
– TCP
– ICMP
– IP
Optimizes UDP scanning

12 Nessus and OpenVAS
Nessus
– First released in 1998
– No longer under GPL license
Still available for download
OpenVAS
– Open-source fork of Nessus
– Performs complex queries while client interfaces with server
– Capable of updating security check plug-ins
Security test programs (scripts)

13 Figure 5-3 OpenVAS with a safe checks warning

14 Figure 5-4 OpenVAS discovers a vulnerability

15 Conducting Ping Sweeps
Ping sweeps
– Identify which IP addresses belong to active hosts
Ping a range of IP addresses
Problems
– Shut-down computers cannot respond
– Networks may be configured to block ICMP Echo Requests
– Firewalls may filter out ICMP traffic

16 Fping
Pings multiple IP addresses simultaneously
Accepts a range of IP addresses
– Entered at a command prompt
– File containing multiple IP addresses
Input file
– Usually created with a shell-scripting language

17 Figure 5-5 Fping parameters

18 Figure 5-6 Results of an Fping command

19 Hping
Used to:
– Perform ping sweeps
– Bypass filtering devices
Allows users to inject modified IP packets
Powerful tool
– All security testers must be familiar with this tool
– Supports many parameters

20 Figure 5-7 Hping help, page 1

21 Figure 5-8 Hping help, page 2

22 Figure 5-9 Hping help, page 3

23 Crafting IP Packets
Packet components
– Source IP address
– Destination IP address
– Flags
Helps obtain information about a service
Tools:
– Hping
– Fping

24 Understanding Scripting
Modify tools to better suit your needs
Customized scripts
– Automate tasks
– Save time
– Require basic programming skills

25 Scripting Basics
Similar to DOS batch programming
Script or batch file
– Text file
– Contains multiple commands
Repetitive commands
– Good candidate for scripting
Practice is the key

26 Table 5-1 Summary of vi commands

27 Figure 5-10 A shell script

28 Summary
Port scanning (i.e., service scanning)
– Scanning a range of IP addresses
– Determines running services
Port scan types
– SYN
– ACK
– FIN

29 Summary (cont’d.)
Port-scanning tools
– Nmap
– Nessus
– OpenVAS
– Unicornscan
Ping sweeps
– Determine which computers are “live”
Scripts
– Automate time-consuming tasks
