Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning

Similar documents
Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning

INF5290 Ethical Hacking. Lecture 3: Network reconnaissance, port scanning. Universitetet i Oslo Laszlo Erdödi

Module 19 : Threats in Network What makes a Network Vulnerable?

Ethical Hacking Basics Course

Scanning. Course Learning Outcomes for Unit III. Reading Assignment. Unit Lesson UNIT III STUDY GUIDE

Configuring attack detection and prevention 1

CIT 480: Securing Computer Systems

Configuring attack detection and prevention 1

9. Security. Safeguard Engine. Safeguard Engine Settings

Hands-On Ethical Hacking and Network Defense

ELEC5616 COMPUTER & NETWORK SECURITY

Network Security: Scan

Table of Contents. 1 Intrusion Detection Statistics 1-1 Overview 1-1 Displaying Intrusion Detection Statistics 1-1

Network Security. Kitisak Jirawannakool Electronics Government Agency (public organisation)

Nmap & Metasploit. Chun-Jen (James) Chung. Arizona State University

Lab 8: Introduction to Pen Testing (HPING)

TCP TCP/IP: TCP. TCP segment. TCP segment. TCP encapsulation. TCP encapsulation 1/25/2012. Network Security Lecture 6

Internet Layers. Physical Layer. Application. Application. Transport. Transport. Network. Network. Network. Network. Link. Link. Link.

Preview from Notesale.co.uk Page 3 of 36

On Assessing the Impact of Ports Scanning on the Target Infrastructure

Attack Prevention Technology White Paper

Dan Lo Department of Computer Science and Software Engineering Southern Polytechnic State University

Common Network Attacks

Computer Science 3CN3 and Software Engineering 4C03 Final Exam Answer Key

Ping of death Land attack Teardrop Syn flood Smurf attack. DOS Attack Methods

HP High-End Firewalls

Configuring Flood Protection

Single Network: applications, client and server hosts, switches, access links, trunk links, frames, path. Review of TCP/IP Internetworking

Packet Header Formats

HP High-End Firewalls

Exam Questions CEH-001

CSC 574 Computer and Network Security. TCP/IP Security

TCP /IP Fundamentals Mr. Cantu

Chapter 8 roadmap. Network Security

Layer 4: UDP, TCP, and others. based on Chapter 9 of CompTIA Network+ Exam Guide, 4th ed., Mike Meyers

Detecting Specific Threats

EXPERIMENTAL STUDY OF FLOOD TYPE DISTRIBUTED DENIAL-OF- SERVICE ATTACK IN SOFTWARE DEFINED NETWORKING (SDN) BASED ON FLOW BEHAVIORS

tcp6 v1.2 manual pages

Dan Boneh, John Mitchell, Dawn Song. Denial of Service

Basics of executing a penetration test

ch02 True/False Indicate whether the statement is true or false.

SE 4C03 Winter Final Examination Answer Key. Instructor: William M. Farmer

Computer Security and Privacy

Chair for Network Architectures and Services Department of Informatics TU München Prof. Carle. Network Security. Chapter 8

DDoS and Traceback 1

A Software Tool for Network Intrusion Detection

Network Forensics Prefix Hijacking Theory Prefix Hijacking Forensics Concluding Remarks. Network Forensics:

Network Security. Evil ICMP, Careless TCP & Boring Security Analyses. Mohamed Sabt Univ Rennes, CNRS, IRISA Thursday, October 4th, 2018

Outline. What is TCP protocol? How the TCP Protocol Works SYN Flooding Attack TCP Reset Attack TCP Session Hijacking Attack

Everything you need to know about IPv6 security I can manage in 30min. IPv6 Day Copenhagen November 2017

Hands-On Ethical Hacking and Network Defense Chapter 6 Enumeration

Blue Team Handbook: Incident Response Edition

Denial of Service and Distributed Denial of Service Attacks

Virtual-Machine-Based Network Exercises for Introductory Computer Networking Courses

Stateless Firewall Implementation

Port Scanning A Brief Introduction

A quick theorical introduction to network scanning. 23rd November 2005

Hands-On Ethical Hacking and Network Defense Chapter 6 Enumeration

Scanning. Scanning. Goals Useful Tools. The Basics NMAP. Scanning 1 / 34

Chapter 2 Advanced TCP/IP

DDoS Testing with XM-2G. Step by Step Guide

Denial of Service (DoS) attacks and countermeasures

Network and Internet Vulnerabilities

SANS SEC504. Hacker Tools, Techniques, Exploits and Incident Handling.

Internetwork Expert s CCNA Security Bootcamp. Common Security Threats

FOCUS on Intrusion Detection: Intrusion Detection Level Analysis of Nmap and Queso Page 1 of 6

NISCC Technical Note 06/02: Response to Distributed Denial of Service (DDoS) Attacks

Once the VM is started, the VirtualBox OS Manager window can be closed. But our Ubuntu VM is still running.

SecBlade Firewall Cards Attack Protection Configuration Example

Distributed Denial of Service (DDoS)

Honeyd A OS Fingerprinting Artifice

Lab1. Definition of Sniffing: Passive Sniffing: Active Sniffing: How Does ARP Spoofing (Poisoning) Work?

network security s642 computer security adam everspaugh

AN TOÀN LỚP 4: TCP/IP ATTACKS NGUYEN HONG SON PTITHCM

Network Security Laboratory 23 rd May STATEFUL FIREWALL LAB

Hands-On Ethical Hacking and Network Defense Chapter 6 Enumeration

Handbook. Step by step practical hacking training

CCNA 1 Chapter 7 v5.0 Exam Answers 2013

Instituto Superior Técnico, Universidade de Lisboa Network and Computer Security. Lab guide: Traffic analysis and TCP/IP Vulnerabilities

Exam4Tests. Latest exam questions & answers help you to pass IT exam test easily

ICS 451: Today's plan

Router and ACL ACL Filter traffic ACL: The Three Ps One ACL per protocol One ACL per direction One ACL per interface

R (2) Implementation of following spoofing assignments using C++ multi-core Programming a) IP Spoofing b) Web spoofing.

Principles of ICT Systems and Data Security

IMPLEMENTING NETWORK SECURITY. RouterOS. with IP FIREWALL. ADVANCED and EXTRA CONDITIONS

Firewalls. Firewall. means of protecting a local system or network of systems from network-based security threats creates a perimeter of defense

Network and Internet Vulnerabilities

NETWORK SECURITY. Ch. 3: Network Attacks

Computer Network Vulnerabilities

Week Date Teaching Attended 5 Feb 2013 Lab 7: Snort IDS Rule Development

Security+ Guide to Network Security Fundamentals, Fourth Edition. Network Attacks Denial of service Attacks

Penetration testing using Kali Linux - Network Discovery

Introduction to Penetration Testing: Part One. Eugene Davis UAH Information Security Club February 21, 2013

Internet Protocol and Transmission Control Protocol

Question No: 2 Which identifier is used to describe the application or process that submitted a log message?

Network Security: Firewall, VPN, IDS/IPS, SIEM

TCP/IP Attack Lab. 1 Lab Overview. 2 Lab Environment. 2.1 Environment Setup. SEED Labs TCP/IP Attack Lab 1

Software Engineering 4C03 Answer Key

Computer Security II Lab Network Security

Chapter 1 Ethical Hacking Overview. Revised

Transcription:

Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning Last revised 1-11-17

KonBoot Get into any account without the password Works on Windows and Linux No longer free Link Ch 5r

From the Projects: UBCD Proj 13 Create new administrator user on a Windows computer Based on Win XP Pre-Boot Environment; causes BSOD on some modern systems

Linux-Based UBCD Proj X7 Promote normal user to administrator user on a Windows computer Works well on modern systems

Objectives Describe port scanning Describe different types of port scans Describe various port-scanning tools Explain what ping sweeps are used for Explain how shell scripting is used to automate security tasks 4

Introduction to Port Scanning Port Scanning Finds out which services are offered by a host Identifies vulnerabilities Open services can be used on attacks Identify a vulnerable port Launch an exploit Scan all ports when testing Not just well-known ports 5

6

6

9

Introduction to Port Scanning (continued) Port scanning programs report Open ports Closed ports Filtered ports Best-guess assessment of which OS is running 7

Is Port Scanning Legal? The legal status of port scanning is unclear If you have permission, it's legal If you cause damage of $5,000 or more, it may be illegal For more, see links Ch 5a and Ch 5b 8

Normal TCP Handshake Client SYN! Server Client " SYN/ACK Server Client ACK! Server After this, you are ready to send data 9

SYN Port Scan Client SYN! Server Client " SYN/ACK Server Client RST! Server The server is ready, but the client decided not to complete the handshake 10

Types of Port Scans SYN scan Stealthy scan, because session handshakes are never completed That keeps it out of some log files Three states Closed Open Filtered 11

Types of Port Scans Connect scan Completes the three-way handshake Not stealthy--appears in log files Three states Closed Open Filtered 12

Types of Port Scans NULL scan All the packet flags are turned off Two results: Closed ports reply with RST Open or filtered ports give no response 13

Types of Port Scans XMAS scan FIN, PSH and URG flags are set Works like a NULL scan a closed port responds with an RST packet FIN scan Only FIN flag is set Closed port responds with an RST packet 14

Windows Machines NULL, XMAS and FIN scans don't work on Windows machines Win 2000 Pro and Win Server 2003 shows all ports closed Win XP Pro all ports open/filtered See the NMAP tutorial (link Ch 5c) 15

Types of Port Scans Ping scan Simplest method sends ICMP ECHO REQUEST to the destination(s) TCP Ping sends SYN or ACK to any port (default is port 80 for Nmap) Any response shows the target is up 16

Types of Port Scans (continued) ACK scan Used to get information about a firewall Stateful firewalls track connection and block unsolicited ACK packets Stateless firewalls just block incoming SYN packets, so you get a RST response UDP scan Closed port responds with ICMP Port Unreachable message Rarely used--but much improved in latest Nmap version (2010) 17

Using Port-Scanning Tools Nmap Nessus and OpenVAS (the GPL-licensed fork of Nessus) A complete vulnerabilty scanner, more than a port scanner 23

Nmap Originally written for Phrack magazine One of the most popular tools GUI versions Xnmap and Ubuntu's NmapFE Open source tool Standard tool for security professionals 24

The Matrix Reloaded Trinity uses Nmap Video at link Ch 4e 25

Nessus First released in 1998 Free, open source tool Uses a client/server technology Can conduct tests from different locations Can use different OSs for client and network 29

Nessus (continued) Finds services running on ports Finds vulnerabilities associated with identified services 32

31

OpenVAS (Greenbone) 27

28

29

Conducting Ping Sweeps Ping sweeps Identify which IP addresses belong to active hosts Ping a range of IP addresses Problems Computers that are shut down cannot respond Networks may be configured to block ICMP Echo Requests Firewalls may filter out ICMP traffic 34

FPing Ping multiple IP addresses simultaneously www.fping.com/download Command-line tool Input: multiple IP addresses To enter a range of addresses -g option Input file with addresses -f option See links Ch 5k, 5l 35

36

37

Hping Used to bypass filtering devices Allows users to fragment and manipulate IP packets www.hping.org/download Powerful tool All security testers must be familiar with tool Supports many parameters (command options) See links Ch 5m, Ch 5n 38

39

40

41

Broadcast Addresses If you PING a broadcast address, that can create a lot of traffic Normally the broadcast address ends in 255 But if your LAN is subnetted with a subnet mask like 255.255.255.192 There are other broadcast addresses ending in 63, 127, and 191 42

Smurf Attack Pinging a broadcast address on an old network resulted in a lot of ping responses So just put the victim's IP address in the "From" field The victim is attacked by a flood of pings, none of them directly from you Modern routers don't forward broadcast packets, which prevents them from amplifying smurf attacks Windows XP and Ubuntu don't respond to broadcast PINGs See links Ch 5o, 5p 43

Broadcast Ping at CCSF

Crafting IP Packets Packet components Source IP address Destination IP address Flags Crafting packets helps you obtain more information about a service Tools Fping Hping 45

Understanding Shell Scripting Modify tools to better suit your needs Script Computer program that automates tasks Time-saving solution 46

Scripting Basics Similar to DOS batch programming Script or batch file Text file Contains multiple commands Repetitive commands are good candidate for scripting Practice is the key 47

48

Scapy Packet-crafting python utility Proj 9, 10, 17, X11, X12, X13

Python Write your own tools Using this book in CNIT 124

Pentester Academy

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback