Information Networking Security and Assurance Lab National Chung Cheng University 1 Port Scanners.

Slides:



Advertisements
Similar presentations
Overview The TCP/IP Stack. The Link Layer (L2). The Network Layer (L3). The Transport Layer (L4). Port scanning & OS/App detection techniques. Evasion.
Advertisements

 Dynamic policies o Change as system security state/load changes o GAA architecture  Extended access control lists  Pre-, mid- and post-conditions,
Review For Exam 2 March 9, 2010 MIS 4600 – MBA © Abdou Illia.
Computer Security Fundamentals
Nmap Experiment.
CIS 193A – Lesson13 Attack and Defense. CIS 193A – Lesson13 Focus Question Describe how Nmap, psad, and iptables work together for playing out attack.
NMAP Scanning Options. EC-Council NMAP  Nmap is the most popular scanning tool used on the Internet.  Cretead by Fyodar ( it.
Network Security of Labnet ******. Introduction Test the network security of the servers on our Labnet domain Find Potential Weaknesses Find Security.
Hands-On Ethical Hacking and Network Defense Second Edition Chapter 5 Port Scanning.
Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning.
IP Network Scanning.
CIT 380: Securing Computer SystemsSlide #1 CIT 380: Securing Computer Systems Scanning.
Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning Last updated
Scanning Determining if the system is alive IP Scanning Port Scanning War Dialing.
Hacking Exposed 7 Network Security Secrets & Solutions Chapter 2 Scanning 1.
Port Scanning CT1406 lab#5.
Scanning slides (c) 2012 by Richard Newman based on Hacking Exposed 7 by McClure, Scambray, and Kurtz.
Intruder Trends Tom Longstaff CERT Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA Sponsored by.
Scanning February 23, 2010 MIS 4600 – MBA © Abdou Illia.
Information Networking Security and Assurance Lab National Chung Cheng University COUNTER HACK Chapter 6 Scanning Information Networking Security and Assurance.
TCP/IP Network and Firewall. IP Packet Protocol  1 ICMP packet  6 TCP packet  17 UDP packet.
1 Anti-Hacker Tool Kit Port Scanners Chapter 6. 2 Introduction The first step in the process of hacking –Discover the services –Version label –Operation.
電腦攻擊與防禦 The Attack and Defense of Computers Dr. 許 富 皓.
Port Scanning Yiqian Zhang CS 265 Project. What is Port Scanning? port scanning is equivalent to knocking on the walls to find all the doors and windows.
Computer Security and Penetration Testing
Deff Arnaldy
Port Scanning.
Ana Chanaba Robert Huylo
SCSC 555 Frank Li.  Port scanning  Port-scanning tools  Ping sweeps 2.
1 Reconnaissance, Network Mapping, and Vulnerability Assessment ECE4112 – Internetwork Security Georgia Institute of Technology.
Firewalls. Evil Hackers FirewallYour network Firewalls mitigate risk Block many threats They have vulnerabilities.
Port Scanning 0x470~0x480 Presenter SangDuk Seo 1.
CIT 380: Securing Computer SystemsSlide #1 CIT 380: Securing Computer Systems Scanning.
CIS 450 – Network Security Chapter 3 – Information Gathering.
1 CSCD434 Lecture 8 Spring 2014 Scanning Activities Network Mapping and Scanning.
Port Scanning. Introduction Port scanning –techniques that attackers use to discover services they can break into. Idea –sending a message to each port,
1 CHAPTER 3 CLASSES OF ATTACK. 2 Denial of Service (DoS) Takes place when availability to resource is intentionally blocked or degraded Takes place when.
Snort & Nmap Mike O’Connor Eric Tallman Matt Yasiejko.
CIT 380: Securing Computer Systems
Port Scanning and Enumeration (NMAP)
1 Reconnaissance, Network Mapping, and Vulnerability Assessment ECE4112 – Internetwork Security Georgia Institute of Technology.
1 Reconnaissance, Network Mapping, and Vulnerability Assessment ECE4112 – Internetwork Security Georgia Institute of Technology.
Information Networking Security and Assurance Lab National Chung Cheng University 1 Port Scanners.
Chapter 2 Scanning Last modified Determining If The System Is Alive.
1 Lab 1: Reconnaissance, Network Mapping, and Vulnerability Assessment Reconnaissance Scanning Network Mapping Port Scanning OS detection Vulnerability.
Scanning & Enumeration Lab 3 Once attacker knows who to attack, and knows some of what is there (e.g. DNS servers, mail servers, etc.) the next step is.
Networked Systems Survivability CERT ® Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA © 2002 Carnegie.
1 Figure 4-1: Targeted System Penetration (Break-In Attacks) Host Scanning  Ping often is blocked by firewalls  Send TCP SYN/ACK to generate RST segments.
1 CSCD434 Lecture 7 Spring 2012 Scanning Activities Network Mapping and Scanning.
Slide #1 CIT 380: Securing Computer Systems TCP/IP.
Hands-On Ethical Hacking and Network Defense
Scanning.
Footprinting/Scanning/ Enumeration Lesson 9. Footprinting External attack: Enables attackers to create a profile of an organization’s security posture.
Network and Port Scanning Chien-Chung Shen
Protection (tools).
Hands-On Ethical Hacking and Network Defense
Penetration Testing Scanning
Computer Security Fundamentals
Port Scanning James Tate II
CITA 352 Chapter 5 Port Scanning.
Intro to Ethical Hacking
Hping2.
Port Scanning (based on nmap tool)
CIT 480: Securing Computer Systems
Information Gathering
Module 18 (More Network Discovery)
Intro to Ethical Hacking
The Siphon Project An Implementation of Stealth Target Acquisition & Information Gathering Methodologies Introduction: Introduce self, Chris introduce.
EVAPI - Enumeration Auburn Hacking club
Presentation transcript:

Information Networking Security and Assurance Lab National Chung Cheng University 1 Port Scanners

Information Networking Security and Assurance Lab National Chung Cheng University 2 Introduction The first step in the process of hacking  Discover the services  Version label  Operation System Send few packets to the host

Information Networking Security and Assurance Lab National Chung Cheng University 3 Pre Study TCP Packet Header

Information Networking Security and Assurance Lab National Chung Cheng University 4 TCP conversation ClientServer SYN SYN/ACK ACK Connection Established ClientServer FIN ACK/FIN ACK ConnectionClosed Connect Disconnect Three-way handshake

Information Networking Security and Assurance Lab National Chung Cheng University 5 TCP Flag Definitions Flag SYNThe beginning of a connection ACKAcknowledge receipt of a previous packet or transmission FINClose a TCP connection RSTAbort a TCP connection

Information Networking Security and Assurance Lab National Chung Cheng University 6 Scanning for Hosts Is the host alive ? Method  Ping nmap –sP  TCP Ping nmap –sT

Information Networking Security and Assurance Lab National Chung Cheng University 7 Scanning for TCP Ports TCP connect  nmap –sT RCP service  nmap –sR

Information Networking Security and Assurance Lab National Chung Cheng University 8 SYN Scan Nmap sends to Host Port Nmap receives from Host Port Nmap Assumes SYNSYN/ACKPort is open Host is up SYNRSTPort is closed Host is up SYNNothingPort is blocked by firewall Or Host is down Nmap –sS

Information Networking Security and Assurance Lab National Chung Cheng University 9 ACK Scan Nmap sends to Host Port Nmap receives from Host Port Nmap Assumes ACKRSTPort is not firewall-protect Port may be open or closed Host is up ACKNothing or ICMP unreachable Port is blocked by firewall if host is up No firewall~ Protected by firewall~ Nmap –sA

Information Networking Security and Assurance Lab National Chung Cheng University 10 FIN Scan Nmap Host Connect FIN RST Nmap sends to Host Port Nmap receives from Host Port Nmap Assumes FINRSTPort is closed Host is up FINNothingPort is open if host is up and not firewall-protected Nmap –sF

Information Networking Security and Assurance Lab National Chung Cheng University 11 Xmas Scan Non-normal TCP operation Set the flags FIN,URG,PUSH With –sX Nmap –sX

Information Networking Security and Assurance Lab National Chung Cheng University 12 Null scan Turn off all flags With -sN Nmap –sN

Information Networking Security and Assurance Lab National Chung Cheng University 13 Scanning for UDP Ports Nmap Host Connect Empty UDP Packet ICMP unreachable Nmap sends to Host Port Nmap receives from Host Port Nmap Assumes Empty UDP packet NothingPort assumed open if host responds to Ping. Port may be closed if firewall blocking ICMP Empty UDP packet ICMP unreachablePort is closed Nmap –sU

Information Networking Security and Assurance Lab National Chung Cheng University 14 Scanning for Protocol IP Header Nmap –sO

Information Networking Security and Assurance Lab National Chung Cheng University 15 Decoys Fragmentation Hiding Your Scan (-D) (-r)(-f) Nmap –sS –f With –sS –sF –sN -sX FTP Bounce Nmap –b –p Nmap –D Disable Randomizing Ports Nmap –r

Information Networking Security and Assurance Lab National Chung Cheng University 16 Timing Your Scan Time-based algorithm Using -T option Nmap –T nameProbe Response Timeout Time Spent on One Host Time between Probes Use Parallelized Probes Paranoid5 minUnlimited5 minNo Sneaky15 secUnlimited12 secNo Polite6 secUnlimited0.4 secNo Normal6 secUnlimitedNoneNo Aggressive1 sec5 minNoneYes Insane0.3 sec75 secNoneYes

Information Networking Security and Assurance Lab National Chung Cheng University 17 TCP Reverse Ident Scanning Who runs the process (-I) Nmap –I

Information Networking Security and Assurance Lab National Chung Cheng University 18 OS Fingerprinting With –O flag Sending specially TCP and UDP headers Analyze the result and compare information OS information

Information Networking Security and Assurance Lab National Chung Cheng University 19 OS Detection on Linux Nmap –O

Information Networking Security and Assurance Lab National Chung Cheng University 20 Mapping Networks Scanning a Class C subnet

Information Networking Security and Assurance Lab National Chung Cheng University 21 Mapping Networks Port scans in IP section

Information Networking Security and Assurance Lab National Chung Cheng University 22 Scanning Tools on windows Netscantools Superscan IPEYE WUPS

Information Networking Security and Assurance Lab National Chung Cheng University 23 Netscantools Powerful tools Port scanner+finger+whois+traceRoute...etc

Information Networking Security and Assurance Lab National Chung Cheng University 24 Super Scan

Information Networking Security and Assurance Lab National Chung Cheng University 25 IPEYE TCP stealth scan SYN, FIN, Xmas tree, and null scan

Information Networking Security and Assurance Lab National Chung Cheng University 26 WUPS Scanning UDP ports for Windows

Information Networking Security and Assurance Lab National Chung Cheng University 27 Banner Identification Get the information normally  Hostname  Program  Version

Information Networking Security and Assurance Lab National Chung Cheng University 28 Using your “Telnet” Try this FTP ServiceTelnet Service World Wide Web Service

Information Networking Security and Assurance Lab National Chung Cheng University 29 Message log Generate TCP connect() method Normal timing option System Log

Information Networking Security and Assurance Lab National Chung Cheng University 30 Summary Protect your host Dishonesty Footprints in the sand show where one has been.

Information Networking Security and Assurance Lab National Chung Cheng University 31 Reference Nmap Tcmpdump Superscan tm tm Netscanools RFC 1700 RFC 793

Information Networking Security and Assurance Lab National Chung Cheng University 32 What is RPC Service ? Remote Procedure Call 程序呼叫  一個程式裡一部份呼叫另一部份去做某項工作

Information Networking Security and Assurance Lab National Chung Cheng University 33 UDP_SCAN

Information Networking Security and Assurance Lab National Chung Cheng University 34 UDP_SCAN

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.