Published by Warren Page. Modified over 9 years ago.

Port Scanners
Information Networking Security and Assurance Lab, National Chung Cheng University

Introduction
The first step in the process of hacking
Discover the services
Version label
Operating system
Send a few packets to the host

Pre-Study
TCP Packet Header

TCP conversation
Connect (three-way handshake): client sends SYN, server replies SYN/ACK, client sends ACK; connection established
Disconnect: FIN, ACK/FIN, ACK between client and server; connection closed

TCP Flag Definitions
SYN: The beginning of a connection
ACK: Acknowledge receipt of a previous packet or transmission
FIN: Close a TCP connection
RST: Abort a TCP connection

Scanning for Hosts
Is the host alive?
Method
Ping: nmap -sP 192.168.0.1
TCP Ping: nmap -sT 192.168.0.1

Scanning for TCP Ports
TCP connect: nmap -sT 192.168.0.1
RPC service: nmap -sR 192.168.0.1

SYN Scan
nmap -sS
Nmap sends to host port | Nmap receives from host port | Nmap assumes
SYN | SYN/ACK | Port is open; host is up
SYN | RST | Port is closed; host is up
SYN | Nothing | Port is blocked by firewall, or host is down

ACK Scan
nmap -sA
Nmap sends to host port | Nmap receives from host port | Nmap assumes
ACK | RST | Port is not firewall-protected; port may be open or closed; host is up
ACK | Nothing or ICMP unreachable | Port is blocked by firewall if host is up
[Figure panels: No firewall; Protected by firewall]

FIN Scan
nmap -sF
[Figure: Nmap and host; FIN, RST]
Nmap sends to host port | Nmap receives from host port | Nmap assumes
FIN | RST | Port is closed; host is up
FIN | Nothing | Port is open if host is up and not firewall-protected

Xmas Scan
Non-normal TCP operation
Set the flags FIN, URG, PUSH
With -sX
nmap -sX

Null Scan
Turn off all flags
With -sN
nmap -sN
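
Added example, not part of the original slides: the flag combinations from the SYN, ACK, FIN, Xmas and Null scan slides, used on the defender's side to label inbound probes from raw TCP headers and report sources that sweep several ports. The function names, the three-port threshold and the sample capture (documentation addresses) are assumptions made for this illustration.

```python
import struct
from collections import defaultdict

# TCP flag bits, byte 13 of the TCP header
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
# Flag sets sent by the scan types on the slides, mapped to the nmap option
PROBES = {SYN: "-sS", ACK: "-sA", FIN: "-sF", FIN | PSH | URG: "-sX", 0: "-sN"}


def parse_tcp(header: bytes):
    """Return (src_port, dst_port, flags) from a raw TCP header."""
    if len(header) < 20:
        raise ValueError("a TCP header is at least 20 bytes")
    sport, dport = struct.unpack("!HH", header[:4])
    return sport, dport, header[13] & 0x3F  # keep the six classic flag bits


def detect_scans(packets, min_ports=3):
    """packets: iterable of (src_ip, raw_tcp_header) for inbound segments.

    Returns {(src_ip, nmap_option): sorted ports} for sources that hit at
    least min_ports distinct ports with one probe type. Xmas and Null flag
    sets are not normal TCP, so a single such packet is reported. Stateless:
    bare ACKs also occur in established connections, so confirm -sA matches
    against connection state.
    """
    seen = defaultdict(set)
    for src, header in packets:
        try:
            _, dport, flags = parse_tcp(header)
        except ValueError:
            continue  # truncated capture, skip
        if flags in PROBES:
            seen[(src, PROBES[flags])].add(dport)
    return {key: sorted(ports) for key, ports in seen.items()
            if len(ports) >= min_ports or key[1] in ("-sX", "-sN")}


def make_header(sport, dport, flags):
    """Build a constructed 20-byte TCP header (sample data only)."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 1024, 0, 0)


# Constructed capture using documentation addresses, not real traffic
SAMPLE = (
    [("192.0.2.10", make_header(40000, p, SYN)) for p in (22, 80, 443, 3306)]
    + [("192.0.2.20", make_header(40001, 25, FIN | PSH | URG))]
    + [("192.0.2.30", make_header(40002, 80, f)) for f in (SYN, ACK)]  # one client
    + [("192.0.2.40", b"\x00" * 8)]  # truncated header
)
```

Calling detect_scans(SAMPLE) reports the four-port SYN sweep and the single Xmas probe, and ignores the ordinary client and the truncated header.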

Scanning for UDP Ports
nmap -sU
[Figure: Nmap and host; empty UDP packet, ICMP unreachable]
Nmap sends to host port | Nmap receives from host port | Nmap assumes
Empty UDP packet | Nothing | Port assumed open if host responds to ping; port may be closed if firewall is blocking ICMP
Empty UDP packet | ICMP unreachable | Port is closed

Scanning for Protocol
IP Header
nmap -sO

Hiding Your Scan
Decoys (-D): nmap -D
Disable Randomizing Ports (-r): nmap -r
Fragmentation (-f): nmap -sS -f (with -sS -sF -sN -sX)
FTP Bounce: nmap -b anonymous@ -p

Timing Your Scan
Time-based algorithm
Using -T option
nmap -T
Name | Probe Response Timeout | Time Spent on One Host | Time between Probes | Use Parallelized Probes
Paranoid | 5 min | Unlimited | 5 min | No
Sneaky | 15 sec | Unlimited | 12 sec | No
Polite | 6 sec | Unlimited | 0.4 sec | No
Normal | 6 sec | Unlimited | None | No
Aggressive | 1 sec | 5 min | None | Yes
Insane | 0.3 sec | 75 sec | None | Yes

TCP Reverse Ident Scanning
Who runs the process (-I)
nmap -I

OS Fingerprinting
With -O flag
Sends special TCP and UDP headers
Analyzes the results and compares the information
OS information

OS Detection on Linux
nmap -O 192.168.0.1

Mapping Networks
Scanning a Class C subnet

Mapping Networks
Port scans in IP section

Scanning Tools on Windows
Netscantools
Superscan
IPEYE
WUPS