
Network Reconnaissance CS490 - Security in Computing Copyright © 2005 by Scott Orr and the Trustees of Indiana University.


1 Network Reconnaissance CS490 - Security in Computing Copyright © 2005 by Scott Orr and the Trustees of Indiana University

2 Section Overview
Web Searches
Whois Queries
DNS Queries / Zone Transfers
Network Reachability
Port Scanning
OS Fingerprinting
User account identification

3 References
Security in Computing, 3rd Ed., Chapter 7 (pp. 363-403)

4 Reconnaissance Phases
Footprinting
Scanning
Enumeration
Source: Hacking Exposed: Network Security: Secrets and Solutions, by S. McClure, J. Scambray, and G. Kurtz

5 Whois Queries
American Registry for Internet Numbers (ARIN)
  Domain – IP address blocks
  Europe, Asia, etc. have their own regional registries
Internic – Registered Domain Info
  Domain name
  Registrar
  Name Server addresses
Registrar Sites
  Domain location (mailing address)
  Administrative/Technical Contact info
  Name Servers

6 DNS Zone Transfer
A zone transfer (AXFR) extracts the entire DNS database for a zone. Query tools: nslookup, dig
Record types returned:
  Address (A): maps host name to IP
  Pointer (PTR): maps IP to host name
  Mail Exchanger (MX): identifies email servers
  Canonical Name (CNAME): host name aliases
  Service (SRV): service identification (protocol, port, and the host that provides it)
  Host Info (HINFO): identifies host type (hardware and OS)
  Text (TXT): misc. info about host
  Name Server (NS): host name of an authoritative name server for the zone
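Slide 6 lists what a zone transfer hands over but not what an attacker does with it. The added example below (not part of the original deck) parses the zone-file style output that `dig ... axfr` prints and turns it into the footprinting inventory: hosts and addresses, aliases, advertised services, and records such as HINFO and TXT that leak host details. The zone `example.test`, its hosts, addresses and record contents are all constructed for the example.

```python
"""Parse the output of a successful zone transfer (e.g. `dig @ns1.example.test example.test axfr`)
and build the host inventory an attacker extracts from it."""
import ipaddress
import re
from collections import defaultdict

# Constructed sample: what an AXFR of the hypothetical zone example.test might return.
AXFR_OUTPUT = """\
; <<>> DiG 9.18.1 <<>> @ns1.example.test example.test axfr
;; global options: +cmd
example.test.           3600    IN      SOA     ns1.example.test. hostmaster.example.test. 2005010101 7200 3600 1209600 3600
example.test.           3600    IN      NS      ns1.example.test.
example.test.           3600    IN      NS      ns2.example.test.
example.test.           3600    IN      MX      10 mail.example.test.
ns1.example.test.       3600    IN      A       192.0.2.10
ns2.example.test.       3600    IN      A       192.0.2.11
mail.example.test.      3600    IN      A       192.0.2.25
www.example.test.       3600    IN      CNAME   web01.example.test.
web01.example.test.     3600    IN      A       192.0.2.80
web01.example.test.     3600    IN      HINFO   "Sun Ultra 10" "Solaris 8"
fw.example.test.        3600    IN      A       192.0.2.1
fw.example.test.        3600    IN      TXT     "Cisco PIX, contact netops x4321"
_ldap._tcp.example.test. 3600   IN      SRV     0 100 389 ldap.example.test.
ldap.example.test.      3600    IN      A       192.0.2.89
example.test.           3600    IN      SOA     ns1.example.test. hostmaster.example.test. 2005010101 7200 3600 1209600 3600
;; Query time: 12 msec
"""

# owner  ttl  IN  TYPE  rdata   (dig prints one resource record per line)
RR_RE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+([A-Z]+)\s+(.*)$")


def parse_axfr(text):
    """Return a list of (owner, type, rdata) tuples, skipping dig's ';' comment lines."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        m = RR_RE.match(line)
        if m:
            owner, _ttl, rtype, rdata = m.groups()
            records.append((owner.rstrip("."), rtype, rdata.strip()))
    return records


def inventory(records):
    """Build the attacker's views: host -> IPs, aliases, advertised services, and leaky records."""
    hosts = defaultdict(set)
    aliases = {}
    services = []
    leaks = []
    for owner, rtype, rdata in records:
        if rtype == "A":
            hosts[owner].add(ipaddress.ip_address(rdata))
        elif rtype == "CNAME":
            aliases[owner] = rdata.rstrip(".")
        elif rtype == "MX":
            _pref, target = rdata.split()
            services.append(("smtp", target.rstrip(".")))
        elif rtype == "SRV":
            # owner is _service._proto.zone; rdata is priority weight port target
            _prio, _weight, port, target = rdata.split()
            service = owner.split(".")[0].lstrip("_")
            services.append((f"{service}/{port}", target.rstrip(".")))
        elif rtype in ("HINFO", "TXT"):
            # HINFO gives hardware/OS outright; TXT often carries contacts or device notes
            leaks.append((owner, rtype, rdata))
    return hosts, aliases, services, leaks


def address_blocks(hosts):
    """Collapse the discovered addresses into /24s: the ranges a follow-on sweep would target."""
    nets = {ipaddress.ip_network(f"{ip}/24", strict=False) for ips in hosts.values() for ip in ips}
    return sorted(str(n) for n in nets)


if __name__ == "__main__":
    recs = parse_axfr(AXFR_OUTPUT)
    hosts, aliases, services, leaks = inventory(recs)
    for h in sorted(hosts):
        print(f"{h:24s} {', '.join(str(ip) for ip in sorted(hosts[h]))}")
    print("aliases :", aliases)
    print("services:", services)
    print("leaks   :", leaks)
    print("sweep   :", address_blocks(hosts))
```

The same parser works on a saved `dig axfr` output file; the point of the HINFO/TXT bucket is that those records answer the OS fingerprinting question of slide 9 without sending a single probe to the host.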

7 Network Reachability
ping
  Is the host online?
  "Not Available" vs. "No Answer": an explicit unreachable error versus no reply at all
traceroute
  Lists all router hops to host
  Most router domain names identify their location
  Timeouts at the last hops before the host may indicate the presence of a firewall

8 Port Scanning
Checking of all ports on a target
Banner Grabbing
  Can look for known service bugs/exploits from the version a service announces
  Can leave a big footprint (every connection can be logged)
Common Scanners
  Satan/Saint/Sara
  Nmap
  Nessus

9 OS Fingerprinting
Compare how the target's TCP/IP stack responds to unusual probes against known per-OS behaviour:
  FIN Probing
  TCP ISN Sampling
  IPID Sampling
  TCP Timestamp
  TCP Options
  Fragmentation Handling
  TCP Retransmission Timeouts
  TCP Initial Window
  ACK Values
  ICMP Error Quoting
  ICMP Error Message Echo Integrity
  ICMP Error Message Type of Service (TOS)
  ICMP Error Message Limiting

10 User/Share Identification
User accounts can provide many openings
UNIX/Linux
  finger
  showmount -e (lists exported NFS shares)
Win2000/XP
  NULL Sessions
  net view /domain
  nbtstat -A
Services
  Email: SMTP EXPN
  SNMP

