Module 19: Threats in Network


What makes a network vulnerable?

- Sharing
- Unknown path
- Many points of attack
- Unknown perimeter
- Anonymity
- Complexity of system

Categories of attack:

There are two categories of attacks:

(i) Active vs. passive attack
(ii) Insider vs. outsider attack

Who attacks networks?

Attackers attack for different reasons:

- Challenge
- Fame
- Money and espionage
- Organized crime
- Ideology

Hacktivism and cyberterrorism:

Hacktivism involves all kinds of activities in which hacking techniques are applied to a target's network. These activities only disrupt routine operations and do not cause serious damage.

Cyberterrorism involves all kinds of politically motivated activities with hacking operations that cause harm, including loss of life or economic breakdown.

How do attackers gather information?

- Port scan
- Pinging

Port scan:

A port scan can reveal three facts:

1. Which standard ports are up, with services running and answering, on the target system.
2. Which operating system is installed on the target machine.
3. Which applications, and which versions of them, are installed.

Pinging:

Ping is used to check whether a host is alive. Ping sends an ICMP echo request, causing the target to respond with an ICMP echo reply packet.

Port scanning:

To provide services, the TCP/IP protocol suite uses two primary protocols:

1) TCP
2) UDP

Every TCP and UDP packet contains information about the source port and the destination port. Port numbers range from 0 to 65535, which requires 16 bits.

Port scanning methods

1. TCP connect (not stealthy, not secret)

Uses the open system call provided by the kernel to connect to specified ports on the target host. Opens a TCP connection via the TCP three-way handshake.

Packets exchanged between client and server, in order: SYN, SYN/ACK, ACK, ACK/FIN, ACK, ACK/RST

A TCP connect scan finishes the three-way handshake, so the application listening on the destination port answers the connection request. The application will log the connection attempt.

2. TCP SYN / half-open (stealth):

In this method, the scanner sends a SYN packet to the target host. If the target host is listening on a particular port, it responds with SYN+ACK. If the target host is alive but not listening on a particular port, it sends an RST packet. The scan does not complete the three-way handshake, which is why this method is stealthy: nothing is logged by the target host.

3. FIN

In this method, a FIN packet is sent to the target host. If the target host is alive and not listening on a particular port, it responds with an RST packet. If the target host is listening on a particular port, it does not respond. A Microsoft host sends an RST packet in all cases, so such a host is identified as a Microsoft Windows host.

4. XMAS

In this method, the host sends out a packet with the FIN, URG and PUSH flags set. If the target host is listening on a particular port, it sends an RST packet back. If the target host is not listening on that port, it does not respond.

5. NULL

In this method, the host sends a TCP packet to the destination host with all the flags turned off in the TCP header. If the target host is listening on a particular port, it does not respond. If the target host is not listening on a particular port, it sends an RST packet.

6. RPC

In this method, the host sends NULL commands to open ports to determine whether they are RPC ports. If an open port is an RPC port, the scan checks which application is bound to that port and obtains that information.

7. ACK

In this method, the host sends ACK packets to the target host. If the target host does not respond or sends back an ICMP unreachable packet, the port is filtered by a firewall. If the target sends back an RST packet, the port is not filtered by a firewall. This method is used to check firewall rule sets.

8. Window

This method detects open, filtered and unfiltered ports on some systems due to a reported anomaly in the TCP window sizes.

9. UDP

This method sends a UDP packet. If the target host is not listening on the port used for communication, an ICMP port unreachable packet is received. If the target host is listening on the port used for communication, the sending host does not receive such a packet. Scanning with UDP is unreliable because UDP is not connection oriented.

Try nmap

Download nmap from https://nmap.org

In the command tab type:

1) nmap -sS -p 22,25,80,443 192.168.100.0/24
2) nmap --help
3) Perform ping sweeps: nmap -sP

FIN scanning:

    nmap -sF 216.58.220.4
    Starting Nmap 6.49BETA5 ( https://nmap.org ) at 2015-11-03 21:15 India Standard Time
    Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
    Nmap done: 1 IP address (0 hosts up) scanned in 4.03 seconds

TCP connect port scan:

    nmap -sT 216.58.220.4
    Starting Nmap 6.49BETA5 ( https://nmap.org ) at 2015-11-03 21:17 India Standard Time
    Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
    Nmap done: 1 IP address (0 hosts up) scanned in 4.20 seconds

XMAS scanning:

    nmap -sX 216.58.220.4
    Starting Nmap 6.49BETA5 ( https://nmap.org ) at 2015-11-03 21:18 India Standard Time
    Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
    Nmap done: 1 IP address (0 hosts up) scanned in 4.04 seconds

Perform TCP pings:

    nmap -PT[port_number] host
    nmap -PT6000 192.168.1.1

If a host responds with an RST packet, nmap considers the host alive and performs the port scan immediately. By default, nmap sends the ACK packet to port 80.

Perform TCP-connect port scans: nmap -sT 10.0.0.1
Perform SYN scanning: nmap -sS 192.168.1.150
Perform FIN scan: nmap -sF 192.168.1.100
XMAS scanning: nmap -sX 192.168.1.1
NULL scanning: nmap -sN 192.168.1.100
RPC scanning: nmap -sR 10.0.0.10
IP protocol scanning: nmap -sO 192.168.1.1
UDP port scanning: nmap -sU 192.168.1.100

Countermeasure:

1. Block ICMP
   Configure the firewall to drop incoming ICMP echo requests and outgoing ICMP echo replies.

2. Prevent TCP ping scans
   Use a stateful firewall to protect the network. Configure the firewall to drop all ACK packets that do not belong to an already established TCP connection.

3. Defend against port scans
   Configure the firewall to drop packets destined for closed ports. Most firewalls and IDSs have the ability to detect port scans. Use a stateful firewall.

Threats in Transit:
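The port-scan detection that countermeasure 3 above attributes to firewalls and IDSs can be sketched as follows. This is an added example, not part of the original module: it parses raw TCP headers, names each probe by the flag combinations listed under the port scanning methods, and flags a source that probes several distinct ports. The function names, the threshold of 3 and the sample packets are assumptions constructed for illustration, and the check is a simplified stateless heuristic.

```python
import struct
from collections import defaultdict

# TCP flag bits (byte 13 of the TCP header)
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20
# Flag combinations of the probe types listed under "Port scanning methods"
PROBES = {0: "NULL", FIN: "FIN", FIN | PSH | URG: "XMAS", SYN: "SYN", ACK: "ACK"}

def parse_tcp(header: bytes):
    """Return (src_port, dst_port, flags) from a raw TCP header."""
    if len(header) < 20:
        raise ValueError("a TCP header is at least 20 bytes")
    src_port, dst_port = struct.unpack("!HH", header[:4])  # 16-bit ports
    return src_port, dst_port, header[13] & 0x3F

def probe_type(flags: int) -> str:
    """Name the scan method whose probe carries exactly these flags."""
    return PROBES.get(flags, "other")

def detect_scans(packets, port_threshold=3):
    """Flag sources sending bare probes to many distinct ports.
    packets: iterable of (src_ip, raw_tcp_header); returns
    {src_ip: sorted probe types}. A lone SYN or ACK is normal traffic."""
    ports, kinds = defaultdict(set), defaultdict(set)
    for src_ip, header in packets:
        _, dst_port, flags = parse_tcp(header)
        kind = probe_type(flags)
        if kind != "other":
            ports[src_ip].add(dst_port)
            kinds[src_ip].add(kind)
    return {ip: sorted(kinds[ip]) for ip, seen in ports.items()
            if len(seen) >= port_threshold}

def make_header(src_port, dst_port, flags):
    """Build a constructed 20-byte TCP header for the sample below."""
    return struct.pack("!HHIIBBHHH", src_port, dst_port, 0, 0,
                       5 << 4, flags, 1024, 0, 0)

# Constructed sample traffic using documentation addresses (RFC 5737)
SAMPLE = (
    [("198.51.100.7", make_header(40000, p, FIN | PSH | URG))
     for p in (22, 25, 80, 443)]
    + [("198.51.100.7", make_header(40001, 8080, 0)),
       ("192.0.2.10", make_header(51000, 443, SYN)),
       ("192.0.2.10", make_header(51000, 443, ACK | PSH))]
)

if __name__ == "__main__":
    print(detect_scans(SAMPLE))
```

Only the source that spreads XMAS and NULL probes over five ports is reported; the client that sends one SYN followed by data to port 443 stays below the threshold.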