Scanning Determining if the system is alive IP Scanning Port Scanning War Dialing.

PING Sweeps: ping sends an ICMP Echo (type 8) packet and waits for an Echo Reply (type 0); a reply indicates the system is alive. ICMP message types that matter when scanning:
Type 0 Echo Reply
Type 3 Destination Unreachable
Type 4 Source Quench
Type 8 Echo (request)
Type 11 Time Exceeded
Type 13 Timestamp (request)
Type 14 Timestamp Reply
Type 15 Information Request
Type 16 Information Reply
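To make the Echo / Echo Reply exchange concrete, here is an added example (not from the slides) that builds a type 8 request with a correct RFC 1071 checksum, parses a reply, and accepts a host as "alive" only when a well-formed type 0 reply carries the identifier and sequence number we sent. The reply is produced by a constructed stand-in for the target; sending the bytes for real needs a raw socket (AF_INET/SOCK_RAW/IPPROTO_ICMP), which requires root or CAP_NET_RAW.

```python
import struct

# ICMP types from the slide (RFC 792 numbering); 14 added because 13 is the
# Timestamp request and 14 the Timestamp reply.
ICMP_TYPES = {
    0: "Echo Reply", 3: "Destination Unreachable", 4: "Source Quench",
    8: "Echo", 11: "Time Exceeded", 13: "Timestamp", 14: "Timestamp Reply",
    15: "Information Request", 16: "Information Reply",
}
ECHO_REQUEST, ECHO_REPLY = 8, 0


def icmp_checksum(data: bytes) -> int:
    """RFC 1071: one's-complement sum of 16-bit words, then complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum((data[i] << 8) | data[i + 1] for i in range(0, len(data), 2))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_icmp(icmp_type: int, code: int, ident: int, seq: int, payload: bytes = b"") -> bytes:
    """Header: type(1) code(1) checksum(2) identifier(2) sequence(2), then data.
    The checksum is computed with its own field zeroed."""
    header = struct.pack("!BBHHH", icmp_type, code, 0, ident, seq)
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, code, csum, ident, seq) + payload


def build_echo_request(ident: int, seq: int, payload: bytes = b"ping") -> bytes:
    return build_icmp(ECHO_REQUEST, 0, ident, seq, payload)


def parse_icmp(packet: bytes) -> dict:
    if len(packet) < 8:
        raise ValueError("truncated ICMP packet")
    icmp_type, code, _csum, ident, seq = struct.unpack("!BBHHH", packet[:8])
    return {
        "type": icmp_type, "name": ICMP_TYPES.get(icmp_type, "unknown"),
        "code": code, "id": ident, "seq": seq, "data": packet[8:],
        # an intact packet re-checksums to zero when the checksum field is included
        "checksum_ok": icmp_checksum(packet) == 0,
    }


def is_alive_reply(reply: bytes, ident: int, seq: int) -> bool:
    """'Alive' means a well-formed Echo Reply matching the id/seq we sent; an
    unreachable (type 3) or a stray reply with another id does not count."""
    p = parse_icmp(reply)
    return p["checksum_ok"] and p["type"] == ECHO_REPLY and p["id"] == ident and p["seq"] == seq


def simulate_echo_reply(request: bytes) -> bytes:
    """Constructed stand-in for the target host: echoes id, seq and data back as type 0."""
    p = parse_icmp(request)
    return build_icmp(ECHO_REPLY, 0, p["id"], p["seq"], p["data"])


if __name__ == "__main__":
    req = build_echo_request(0x1234, 1)
    print(parse_icmp(req))
    print("alive:", is_alive_reply(simulate_echo_reply(req), 0x1234, 1))
```

Matching on identifier and sequence is what separates a genuine answer from replies to someone else's pings on a busy segment, and checking the checksum first avoids acting on a corrupted frame.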

FPING: fping, for Unix systems, can read a file listing a range of IP addresses and report which of them answer:
fping -a -f in.txt
(-a prints only the hosts that are alive; -f reads the targets from the named file)

NMAP: a ping sweep of a whole /24 block:
nmap -sP <network>/24
(the network address is missing from the slide; current nmap releases spell this option -sn)

Superscan for Windows

Port Scanning: determining what services are running or listening by connecting to, or probing, TCP and UDP ports.

Scan Types
TCP Connect: full three-way handshake (SYN, SYN/ACK, ACK); reliable, but the target logs the completed connection.
TCP SYN (half open): a SYN/ACK reply means the port is listening, an RST/ACK means it is not; the scanner never sends the final ACK.
TCP FIN (Unix): if the port is closed an RST is returned, an open port stays silent (RFC 793 behaviour; Windows stacks reply RST for every port, so this scan tells you nothing there).
TCP Xmas tree: FIN, URG and PUSH set; if the port is closed an RST is returned.
TCP Null: no flags set; if the port is closed an RST is returned.
TCP ACK: maps firewall rule sets and tells simple packet filters from stateful firewalls.
TCP Window: uses the window size in RST replies to detect open and filtered ports on some stacks.
TCP RPC (Unix): detects RPC ports.
UDP: connectionless; a closed port returns an ICMP port unreachable message, silence means open or filtered.
(Diagram on the slide: Client sends SYN, Server replies SYN/ACK, Client sends ACK.)
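The slide lists what each scan sends and what a closed port answers; the part a practitioner actually needs is the decision table in the other direction, from observed response to reported port state. The following is an added example (not from the slides) that encodes that table for the scan types above. The `Response` record and the decision rules are my own construction, mirroring the behaviour the slide describes; the RFC 793 rule for FIN/Null/Xmas means silence can only be reported as "open|filtered", which is why those scans are less conclusive than a SYN scan.

```python
from dataclasses import dataclass

# TCP flag bits, low to high, as laid out in the header's flags byte
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

# Flags the scanner sets in its probe for each scan type on the slide
PROBE_FLAGS = {
    "connect": SYN, "syn": SYN, "fin": FIN, "null": 0,
    "xmas": FIN | URG | PSH, "ack": ACK, "window": ACK,
}


@dataclass
class Response:
    """What came back for one probe. kind is 'tcp', 'udp', 'icmp' or 'none' (timed out)."""
    kind: str
    flags: int = 0        # TCP flags byte of the reply
    window: int = 0       # TCP window size of the reply (used by the Window scan)
    icmp_type: int = 0
    icmp_code: int = 0


def classify(scan: str, r: Response) -> str:
    """Port state a scanner reports for this scan type and this response."""
    tcp_rst = r.kind == "tcp" and bool(r.flags & RST)
    if scan in ("syn", "connect"):
        if r.kind == "tcp" and (r.flags & (SYN | ACK)) == (SYN | ACK):
            return "open"            # a listener answered the handshake
        if tcp_rst:
            return "closed"          # RST/ACK: nothing listening
        return "filtered"            # ICMP unreachable or silence: dropped on the path
    if scan in ("fin", "null", "xmas"):
        if tcp_rst:
            return "closed"
        if r.kind == "icmp":
            return "filtered"
        return "open|filtered"       # RFC 793: open ports ignore these probes, so silence is ambiguous
    if scan == "ack":
        return "unfiltered" if tcp_rst else "filtered"   # only says whether the probe got through
    if scan == "window":
        if tcp_rst:
            return "open" if r.window > 0 else "closed"  # some stacks leak state in the RST window
        return "filtered"
    if scan == "udp":
        if r.kind == "udp":
            return "open"
        if r.kind == "icmp" and r.icmp_type == 3:
            return "closed" if r.icmp_code == 3 else "filtered"  # code 3 = port unreachable
        return "open|filtered"
    raise ValueError(f"unknown scan type {scan!r}")


def demo_table():
    """Run a constructed set of responses through the classifier."""
    cases = [
        ("syn", Response("tcp", flags=SYN | ACK)),
        ("syn", Response("tcp", flags=RST | ACK)),
        ("syn", Response("none")),
        ("xmas", Response("tcp", flags=RST)),
        ("xmas", Response("none")),
        ("ack", Response("tcp", flags=RST)),
        ("window", Response("tcp", flags=RST, window=8192)),
        ("udp", Response("icmp", icmp_type=3, icmp_code=3)),
        ("udp", Response("none")),
    ]
    return [(scan, r.kind, classify(scan, r)) for scan, r in cases]


if __name__ == "__main__":
    for row in demo_table():
        print("%-7s %-5s -> %s" % row)
```

Note the asymmetry the table makes visible: a SYN scan gets a definite answer for open and closed ports and only the filtered case is inferred from silence, whereas FIN, Null and Xmas scans get a definite answer only for closed ports.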

Netcat: nc -v -z -w <seconds> <host> <port range>
(-v verbose, -z scan without sending data, -w connection timeout)

Nmap (Unix based): nmap -sS <target> performs a TCP SYN (half open) scan

Port Scanners
Unix: Strobe, tcp_scan, Nmap, Netcat
Windows: Netcat, SuperScan, WinScan, ipEye, WUPS, ScanLine

Banner Grabbing is the act of connecting to a network-available service or application and reading what it announces about itself. The open ports alone already hint at the platform: ports 135, 139 and 445 generally denote a Windows system; the Unix 'r' commands (rlogin, rsh, rexec) denote a Unix system.

Banner Grabbing: nmap -O adds OS detection to the port table, for example
Port  State  Protocol  Service
21    open   tcp       ftp
We could also use packet filtering to grab information!
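A TCP connect scan and a banner grab are the two smallest building blocks of what the slides above describe, so here is an added example (not from the slides) that does both against a constructed stand-in service on the loopback interface: a listener on an OS-chosen port that greets with an FTP-style "220" line. The fake service, the closed-port helper and the `guess_service` prefix rules are assumptions for the demo; the scan and grab logic is what you would point at a real host.

```python
import socket
import threading


def start_fake_service(banner: bytes):
    """Constructed stand-in target: a loopback TCP listener that sends a greeting
    on connect, the way FTP/SMTP/SSH do. Returns (port, stop_function)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))          # port 0: the OS picks a free port
    srv.listen(5)
    srv.settimeout(0.2)                 # lets the accept loop notice stop()
    stop = threading.Event()

    def serve():
        while not stop.is_set():
            try:
                conn, _ = srv.accept()
            except socket.timeout:
                continue
            with conn:
                try:
                    conn.sendall(banner)
                except OSError:         # scanner closed before reading; ignore
                    pass
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1], stop.set


def free_closed_port() -> int:
    """Bind an ephemeral port and release it, so the demo has a port that is
    almost certainly closed (constructed helper)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def connect_scan(host: str, ports, timeout: float = 0.5) -> dict:
    """TCP connect scan: one full three-way handshake per port."""
    states = {}
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            try:
                s.connect((host, port))         # SYN, SYN/ACK, ACK happen here
                states[port] = "open"
            except ConnectionRefusedError:      # RST came back: nothing listening
                states[port] = "closed"
            except (socket.timeout, OSError):   # no answer: dropped by a filter or host down
                states[port] = "filtered"
    return states


def grab_banner(host: str, port: int, timeout: float = 1.0, max_bytes: int = 256) -> str:
    """Connect and read whatever the service volunteers before we send a byte."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        try:
            data = s.recv(max_bytes)
        except socket.timeout:
            data = b""      # silent service, e.g. HTTP waits for a request first
    return data.decode("ascii", errors="replace").strip()


def guess_service(banner: str) -> str:
    """Constructed heuristic: greeting prefixes that identify a protocol family."""
    if banner.startswith("SSH-"):
        return "ssh"
    if banner.startswith("220 "):
        return "ftp-or-smtp"    # both greet with a 220 line; the text tells them apart
    return "unknown"


def demo() -> dict:
    port, stop = start_fake_service(b"220 lab-box FTP server (constructed banner) ready\r\n")
    closed = free_closed_port()
    try:
        states = connect_scan("127.0.0.1", [closed, port])
        banner = grab_banner("127.0.0.1", port)
    finally:
        stop()
    return {"open_port": port, "closed_port": closed, "states": states,
            "banner": banner, "service": guess_service(banner)}


if __name__ == "__main__":
    print(demo())
```

Because the connect scan completes the handshake, the fake service's accept() fires for every probe, which is exactly why this scan shows up in the target's logs and a half-open SYN scan usually does not.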

Banner Grabbing: automated discovery tools such as Tkined, Cheops and Scotty give graphical displays of networks.

War Dialing: dialing ranges of telephone numbers in search of remote access / modem connections.

Countermeasures
Detect a potential attack early
Use an IDS such as Genius
Filter ICMP traffic at the firewall
Use ACLs
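"Detect a potential attack early" is what an IDS does with the traffic the firewall drops. As an added example (not from the slides), the following Python reads constructed iptables-style log lines and raises an alert when one source touches many distinct ports on a host (port scan) or sends ICMP Echo requests to many distinct hosts (ping sweep) inside a sliding time window. The log format, thresholds, window length and sample traffic are my own assumptions for the demo.

```python
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta


def parse_line(line: str):
    """Parse one constructed firewall log line of the form
    '<ISO time> fw kernel: DROP IN=eth0 SRC=a DST=b PROTO=TCP SPT=n DPT=n'
    (ICMP lines carry TYPE=/CODE= instead of ports). Returns None for junk."""
    parts = line.split()
    if len(parts) < 5 or parts[2] != "kernel:":
        return None
    ev = {"ts": datetime.fromisoformat(parts[0]), "action": parts[3]}
    for tok in parts[4:]:
        if "=" in tok:
            k, v = tok.split("=", 1)
            ev[k] = v
    return ev if all(k in ev for k in ("SRC", "DST", "PROTO")) else None


def _port_key(ev):
    return (ev["DST"], ev["DPT"]) if "DPT" in ev else None


def _sweep_key(ev):
    return ev["DST"] if ev["PROTO"] == "ICMP" and ev.get("TYPE") == "8" else None


def _sliding_distinct(src, events, kind, key, threshold, window):
    """Count distinct keys from one source inside a sliding time window; raise
    one alert per (source, kind) the moment the count reaches the threshold."""
    win, counts = deque(), Counter()
    for ev in events:
        k = key(ev)
        if k is None:
            continue
        win.append((ev["ts"], k))
        counts[k] += 1
        while ev["ts"] - win[0][0] > window:     # expire events older than the window
            _, old = win.popleft()
            counts[old] -= 1
            if not counts[old]:
                del counts[old]
        if len(counts) >= threshold:
            return [{"src": src, "kind": kind, "distinct": len(counts), "at": ev["ts"].isoformat()}]
    return []


def detect_scans(lines, port_threshold=10, host_threshold=5, window_s=60):
    events = sorted(filter(None, map(parse_line, lines)), key=lambda e: e["ts"])
    by_src = defaultdict(list)
    for ev in events:
        by_src[ev["SRC"]].append(ev)
    window = timedelta(seconds=window_s)
    alerts = []
    for src, evs in by_src.items():
        alerts += _sliding_distinct(src, evs, "portscan", _port_key, port_threshold, window)
        alerts += _sliding_distinct(src, evs, "pingsweep", _sweep_key, host_threshold, window)
    return alerts


def build_sample_log():
    """Constructed sample: a 12-port scan, a 6-host ping sweep, benign traffic, junk."""
    t0 = datetime(2024, 3, 1, 10, 0, 0)
    fmt = "{} fw kernel: {} IN=eth0 SRC={} DST={} PROTO={} {}"
    lines = []
    for i, dpt in enumerate([21, 22, 23, 25, 53, 80, 110, 135, 139, 443, 445, 3389]):
        lines.append(fmt.format((t0 + timedelta(seconds=i)).isoformat(), "DROP",
                                "10.0.0.5", "10.0.0.9", "TCP", f"SPT={40000 + i} DPT={dpt} FLAGS=SYN"))
    for i in range(6):
        lines.append(fmt.format((t0 + timedelta(seconds=i)).isoformat(), "DROP",
                                "10.0.0.7", f"10.0.0.{10 + i}", "ICMP", "TYPE=8 CODE=0"))
    for i in range(2):
        lines.append(fmt.format((t0 + timedelta(seconds=30 * i)).isoformat(), "ACCEPT",
                                "10.0.0.3", "10.0.0.9", "TCP", f"SPT={51000 + i} DPT=443 FLAGS=SYN"))
    lines.append("garbage line that should be ignored")
    return lines


if __name__ == "__main__":
    for alert in detect_scans(build_sample_log()):
        print(alert)
```

The window is the weak point of this kind of rule: a scanner that spaces probes further apart than the window never accumulates enough distinct ports to trip it, so a 5-second window misses the 12-port scan in the sample even though a 60-second window catches it. Pair a short window with a long-lived per-source counter, or feed the same logs to a real NIDS, rather than relying on one threshold.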

Exercise: in groups of three, download an IP scanner, a port scanner and a network IDS; perform scans and banner grabbing against each other and watch what the NIDS reports.