Port Scanning and Enumeration (NMAP)


Network Security: Port Scanning and Enumeration (NMAP)

Port Scanning
Definition: probing the ports on a remote machine to gain information.
Port: a virtual identifier on a system for a particular application/protocol.
Examples: ftp: port 21; ssh: port 22; telnet: port 23; http: port 80; Oracle: port 1521.
Usefulness
- Attacker: which ports are open?
- Defender: which ports are potential vulnerabilities?

Specific Uses
- Find out if a system is up: ping scanning
- Find open/vulnerable ports (what services are available?): port scanning
- Operating system identification: TCP/IP fingerprinting, based on packet TTL, packet size, and the flags set on SYN/SYN|ACK packets during the TCP handshake

How to use this information
- Identify exposed ports/services
- Shut down any unneeded services (famous last words: "I didn't know X was running on my system")
- Ensure that the services that are running do not have security vulnerabilities

Issues: possible problems with usage
- Some options can flood the target machine with packets, potentially affecting it
- Ethics: is it ethical to probe an arbitrary system? Most say "no"
- Identification of the probing system: http://www.insecure.org/nmap/idlescan.html

Port Scanning Tools
Unix/Linux: nmap, HPING2, udp_scan, netcat (nc)
Windows: SuperScan4, WinScan, ipEye

nmap
- One of many software implementations of a port scanner
- Open source
- Available on Windows and Unix
- Supports many hardware options, including some PDAs
- Now with GUI front ends (Linux: nmapfe; Windows: nmapwin)
- http://www.insecure.org

nmap features
- Identifies open ports
- Options for regular or stealth scanning
  - Regular scanning: attempts a full connection with the port; the scanned system knows the scan is occurring and can identify the scanner
  - Stealth scanning: attempts a partial connection with the port; the scanned system may not know the scan is occurring and may not be able to identify the scanner
- Attempts to identify the operating system: usually correct, but can be fooled
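As an added defender-side example (not from the slides), the constructed event log and Python detector below show how the two scan styles leave different traces on the scanned system: a regular scan completes handshakes (the scanner sends ACK), while a partial-connection scan sends SYN and then RST and never ACKs. The source addresses, ports and timings are constructed.

```python
from collections import defaultdict

def _probe(src, ports, t0, complete):
    """Constructed inbound TCP events (seconds, src_ip, dst_port, flag) as a
    defender might pull from a firewall log or capture. Each probe is a SYN,
    then 10 ms later an ACK (handshake completed) or an RST (half-open abort)."""
    evs = []
    for i, port in enumerate(ports):
        t = t0 + i * 0.02
        evs.append((t, src, port, "S"))
        evs.append((t + 0.01, src, port, "A" if complete else "R"))
    return evs

SCANNED_PORTS = [21, 22, 23, 80, 443, 1521]   # the services named on the slides
SAMPLE_EVENTS = (
    _probe("198.51.100.7", SCANNED_PORTS, 0.0, True)    # regular (connect) scan
    + _probe("203.0.113.9", SCANNED_PORTS, 1.0, False)  # stealth (SYN) scan
    + _probe("192.0.2.5", [80], 5.0, True)              # ordinary web client
)

def detect_scans(events, window=10.0, min_ports=5):
    """Return {src_ip: kind} for every source that touched at least min_ports
    distinct ports within `window` seconds. kind is 'connect' when the source
    completed handshakes (sent ACK) and 'syn' when it only sent SYN/RST, i.e.
    the partial-connection scan the slides call stealth."""
    by_src = defaultdict(list)
    for t, src, port, flag in sorted(events):
        by_src[src].append((t, port, flag))
    found = {}
    for src, evs in by_src.items():
        start = 0
        for end in range(len(evs)):              # sliding time window
            while evs[end][0] - evs[start][0] > window:
                start += 1
            span = evs[start:end + 1]
            if len({p for _, p, _ in span}) >= min_ports:
                acked = any(f == "A" for _, _, f in span)
                found[src] = "connect" if acked else "syn"
                break
    return found

if __name__ == "__main__":
    for src, kind in detect_scans(SAMPLE_EVENTS).items():
        print(f"{src}: {kind} scan")
```

A SYN scan against closed ports leaves even less (only the SYNs, answered by the target's RSTs), which the same absence-of-ACK rule still flags.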

nmap Output Example

    Starting nmap V. 2.54 (www.insecure.org)
    Interesting ports on (www.xxx.yyy.zzz)
    (The xxxx ports scanned but not shown here are in state: closed)
    Port       State   Service
    22/tcp     open    ssh
    47017/tcp  open    unknown
    TCP Sequence Prediction: Class-random positive increments
                             Difficulty=3980866 (Good luck!)
    Remote operating system guess: Linux 2.1.122 - 2.2.16
    Nmap run completed -- 1 IP address (1 host up) scanned in 5 seconds
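Added example, not part of the slides: a small Python parser for the classic nmap text format shown above, used to flag open ports that are not on a defender's allowlist (the services nobody knew were running, as the earlier slide puts it). The sample output, address and allowlist are constructed.

```python
import re

# Constructed sample in the classic nmap text format shown on the slide;
# not the slide's own output. The address is from a documentation range.
SAMPLE_OUTPUT = """\
Starting nmap V. 2.54 (www.insecure.org)
Interesting ports on (192.0.2.10)
(The 1539 ports scanned but not shown here are in state: closed)
Port       State       Service
22/tcp     open        ssh
80/tcp     open        http
1521/tcp   open        oracle
47017/tcp  open        unknown
Remote operating system guess: Linux 2.1.122 - 2.2.16
Nmap run completed -- 1 IP address (1 host up) scanned in 5 seconds
"""

PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\w+)\s+(\S+)", re.M)
OS_LINE = re.compile(r"^Remote operating system guess: (.+)$", re.M)

def parse_ports(text):
    """Return [(port, proto, state, service)] from nmap's classic port table."""
    return [(int(p), proto, state, svc)
            for p, proto, state, svc in PORT_LINE.findall(text)]

def os_guess(text):
    """Return nmap's OS guess, or None if fingerprinting printed nothing."""
    m = OS_LINE.search(text)
    return m.group(1).strip() if m else None

def unexpected_open(text, allowed):
    """Open ports whose (port, proto) is not in the defender's allowlist:
    the services that 'nobody knew were running' on the system."""
    return [(p, proto, svc) for p, proto, state, svc in parse_ports(text)
            if state == "open" and (p, proto) not in allowed]

if __name__ == "__main__":
    # Constructed allowlist: only ssh and http are supposed to be exposed.
    for port, proto, svc in unexpected_open(SAMPLE_OUTPUT, {(22, "tcp"), (80, "tcp")}):
        print(f"unexpected: {port}/{proto} ({svc})")
```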

SuperScan4
- Nice Windows GUI
- Many extra options
- Information on ports/services in HTML report format