December 1, 2000Slide #1 Port Scanning Matt Bishop Department of Computer Science University of California, Davis.

Slides:

Advertisements

Similar presentations

 Dynamic policies o Change as system security state/load changes o GAA architecture  Extended access control lists  Pre-, mid- and post-conditions,

Advertisements

Firewall Simulation Teaching Information Security Using: Visualization Tools, Case Studies, and Hands-on Exercises May 23, 2012.

ITIS 1210 Introduction to Web-Based Information Systems Chapter 44 How Firewalls Work How Firewalls Work.

Hands-On Ethical Hacking and Network Defense Second Edition Chapter 5 Port Scanning.

Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning.

CIT 380: Securing Computer SystemsSlide #1 CIT 380: Securing Computer Systems Scanning.

Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning Last updated

Scanning Determining if the system is alive IP Scanning Port Scanning War Dialing.

Suneeta Chawla Web Security Presentation Topic : IP Spoofing Date : 03/24/04.

System Security Scanning and Discovery Chapter 14.

Network Layer and Transport Layer.

Firewalls and Intrusion Detection Systems

Vulnerability Analysis Borrowed from the CLICS group.

Information Security 1 Information Security: Demo of Some Security Tools Jeffy Mwakalinga.

Web Server Administration

Intruder Trends Tom Longstaff CERT Coordination Center Software Engineering Institute Carnegie Mellon University Pittsburgh, PA Sponsored by.

Information Networking Security and Assurance Lab National Chung Cheng University Guidelines on Electronic Mail Security

Port Scanning Yiqian Zhang CS 265 Project. What is Port Scanning? port scanning is equivalent to knocking on the walls to find all the doors and windows.

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. 6 Packet Filtering By Whitman, Mattord, & Austin© 2008 Course Technology.

Computer Security and Penetration Testing

Lesson 19: Configuring Windows Firewall

Network Security With nmap By *** *****. Installing nmap netlab-2# cd /usr/ports/security/nmap netlab-2# make install all.

Port Knocking Software Project Presentation Paper Study – Part 1 Group member: Liew Jiun Hau ( ) Lee Shirly ( ) Ong Ivy ( )

CS426Fall 2010/Lecture 361 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls.

Information Systems CS-507 Lecture 40. Availability of tools and techniques on the Internet or as commercially available software that an intruder can.

Ana Chanaba Robert Huylo

Packet Filtering. 2 Objectives Describe packets and packet filtering Explain the approaches to packet filtering Recommend specific filtering rules.

FIREWALL Mạng máy tính nâng cao-V1.

Network Security Onno W. Purbo Buku Keamanan Jaringan Internet Toko Buku Gramedia.

Chapter 1: The Internet and the WWW CIS 275—Web Application Development for Business I.

CIS 450 – Network Security Chapter 3 – Information Gathering.

Module 10: Monitoring ISA Server Overview Monitoring Overview Configuring Alerts Configuring Session Monitoring Configuring Logging Configuring.

Implementing a Port Knocking System in C Honors Thesis Defense by Matt Doyle.

1 CHAPTER 3 CLASSES OF ATTACK. 2 Denial of Service (DoS) Takes place when availability to resource is intentionally blocked or degraded Takes place when.

Security at NCAR David Mitchell February 20th, 2007.

Internet Protocol B Bhupendra Ratha, Lecturer School of Library and Information Science Devi Ahilya University, Indore

Linux Networking Security Sunil Manhapra & Ling Wang Project Report for CS691X July 15, 1998.

Linux Networking and Security

Fundamentals of Proxying. Proxy Server Fundamentals  Proxy simply means acting on someone other’s behalf  A Proxy acts on behalf of the client or user.

Application Layer Khondaker Abdullah-Al-Mamun Lecturer, CSE Instructor, CNAP AUST.

CHAPTER 3 Classes of Attack. INTRODUCTION Network attacks come from both inside and outside firewall. Kinds of attacks: 1. Denial-of-service 2. Information.

Scanning & Enumeration Lab 3 Once attacker knows who to attack, and knows some of what is there (e.g. DNS servers, mail servers, etc.) the next step is.

1 Figure 4-1: Targeted System Penetration (Break-In Attacks) Host Scanning  Ping often is blocked by firewalls  Send TCP SYN/ACK to generate RST segments.

Security and Firewalls Ref: Keeping Your Site Comfortably Secure: An Introduction to Firewalls John P. Wack and Lisa J. Carnahan NIST Special Publication.

Chapter 8 Network Security Thanks and enjoy! JFK/KWR All material copyright J.F Kurose and K.W. Ross, All Rights Reserved Computer Networking:

Module 10: Windows Firewall and Caching Fundamentals.

Footprinting and Scanning

Hands-On Ethical Hacking and Network Defense

Project briefing Arron Martin Zeus Brown. Outline of briefing Current stage Current stage Developments to date Developments to date Future work Future.

Firewalls Fighting Spyware, Viruses, and Malware Ch 5.

Role Of Network IDS in Network Perimeter Defense.

Quiz 2 Post-Mortem Bruce Maggs. 2 Create a new BitCoin address, and use it only once. E.g., create a new wallet. Create a new address and mine a BitCoin.

-SHAMBHAVI PARADKAR TE COMP  PORT SCANNING.  DENIAL OF SERVICE(DoS). - DISTRIBUTED DENIAL OF SERVICE(DDoS). REFER Pg.637 & Pg.638.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.

SSH. 2 SSH – Secure Shell SSH is a cryptographic protocol – Implemented in software originally for remote login applications – One most popular software.

Unit 2 Personal Cyber Security and Social Engineering Part 2.

SemiCorp Inc. Presented by Danu Hunskunatai GGU ID #

Firewalls. Overview of Firewalls As the name implies, a firewall acts to provide secured access between two networks A firewall may be implemented as.

25/09/ Firewall, IDS & IPS basics. Summary Firewalls Intrusion detection system Intrusion prevention system.

Defining Network Infrastructure and Network Security Lesson 8.

Common System Exploits Tom Chothia Computer Security, Lecture 17.

Footprinting and Scanning

CITA 352 Chapter 5 Port Scanning.

Backdoor Attacks.

Firewall – Survey Purpose of a Firewall Characteristic of a firewall

Implementing TMG Server Publishing

Footprinting and Scanning

Firewalls Jiang Long Spring 2002.

Session 20 INST 346 Technologies, Infrastructure and Architecture

Presentation transcript:

December 1, 2000Slide #1 Port Scanning Matt Bishop Department of Computer Science University of California, Davis

December 1, 2000Slide #2 Outline F What is port scanning? F How do you do it? F Why should you do it? F Is it ethical? F Some random thoughts

December 1, 2000Slide #3 Port Scanning by Analogy F Look at the door of a building F By looking at the type of door, you may gain information about what the site does –Door with counter halfway up: fast food –Door with heavy glass and sliding tray: drive- up teller –Door with iron bars: jail –Door with multiple locks: “secure” facility

December 1, 2000Slide #4 In Computer Terms F Servers make your computer available to “outsiders” F The functions your computer will perform is reflected by the servers you run F Good place for attackers to check out your computer

December 1, 2000Slide #5 Original Port Scanner Big Bad Wolf 1. Knocked on doors to see if anyone was there 2. Detected type of server (a pig) 3. Attacked at weakness based upon information gleaned from probe (huffed and puffed)

December 1, 2000Slide #6 What is a port? F Each communication (connection or datagram) goes to a port (mailbox) on a system F Port “opened” when a server is listening for a message source smtp 25 www 80 destination

December 1, 2000Slide #7 What is port scanning? F Send a message to port 1 –If rejected, no server listening –If accepted, a server listening F Repeat for some set of ports Symptom: connection/messages to large number of ports, especially from a single source

December 1, 2000Slide #8 What you learn F Port number gives function –Examples: 25 is smtp, 80 is WWW server F May give useful information 220 xxx.yyy ESMTP Sendmail 8.9.3/8.9.3; Sun, 26 Nov :34: (PST) UNIX system running sendmail 220 zzz.yyy Microsoft ESMTP MAIL Service, Version: ready at Sun, 26 Nov :29: Windows system running Microsoft’s mail server

December 1, 2000Slide #9 Attackers F Figure out the operating system –Look for known attack tools, security holes F Figure out which servers are being run –Look for known holes –Obtain information (user names, etc.) about site F Scope out what site is doing –If running amd server, probably an NFS server –Does it relay mail? (Good for spam)

December 1, 2000Slide #10 How do you do it? F Freeware scanners –Best is nmap; does TCP, UDP scanning Can use a variety of probes –Many others available Do web search on “network+port+scanner” F Often included with other programs –SATAN, SARA has one

December 1, 2000Slide #11 Example # nmap -sN -v -F -f bait Starting nmap V by ( ) Host bait.cs.ucdavis.edu ( ) appears to be up... good. Initiating FIN,NULL, UDP, or Xmas stealth scan against bait.cs.ucdavis.edu ( ) The UDP or stealth FIN/NULL/XMAS scan took 2 seconds to scan 1062 ports. All 1062 scanned ports on bait.cs.ucdavis.edu ( ) are: closed Nmap run completed -- 1 IP address (1 host up) scanned in 2 seconds

December 1, 2000Slide #12 Why you should do it F Learn what attackers will see –These are starting points of attack F Look for unauthorized services –Someone may be running a server with known problems –Someone may be running an unauthorized server on a high port –Someone may be running unauthorized server on legitimate port

December 1, 2000Slide #13 Examples F Enable ftp over port 25 –Looks like mail, but allows file transfers F Tunneling –Encapsulate ftp messages into , send it over, and recipient’s system throws it over to ftp –Known technology; BITNET, CSNET allowed ftp by

December 1, 2000Slide #14 What about firewalls? F Idea: block probes from outside F Problem: if a client can get through, so can a probe –Firewall may be programmed to allow connection/datagram (probe) through –Firewall may be mis-configured –Policy may be incorrect

December 1, 2000Slide #15 Is It Ethical? F Consider our door F If you check the doors of your house to see which are unlocked, that’s fine F If you check the doors of your neighbor’s house, that’s questionable –Is it illegal if you don’t open the door?

December 1, 2000Slide #16 Random Thoughts F When is it port scanning? –Can be done very slowly –Unintentional connections, messages to various ports F What does it mean? –Curiosity –Precursor to attack

December 1, 2000Slide #17 Doing It Right (Attacking) F Port scan from multiple hosts –Ideally, from different networks F Port scan a single host over a period of days or weeks –This makes it harder for monitoring tools to detect F Scan ports in random order –Use different types of probes (TCP, half-open, FIN, Christmas tree, etc.)

December 1, 2000Slide #18 What You Can Do F Realize you cannot prevent this –If it’s critical to run dangerous services, limit their visibility to outsiders using a firewall F Keep system up to date with all security patches F If possible, monitor traffic to critical hosts and infrastructure components to detect these –May not be feasible

December 1, 2000Slide #19 A Final Thought When it seems hopeless, remember Dorothy Parker's words: Razors pain you; Rivers are damp; Acids stain you; And drugs cause cramp. Guns aren't lawful; Nooses give. Gas smells awful; You might as well live.

December 1, 2000Slide #20 Contact Information Matt Bishop Department of Computer Science University of California at Davis Davis, CA phone: (530) , (530) (lab)