Protection (tools)
Insecure.org / nmap.org: home of nmap; its sister site sectools.org evaluates and ranks many security tools
Packet capture: the “sniffer” of the Internet
Netcat: “The network Swiss army knife”
Netcat (<host> and <port> stand for the address and port of the other end)
Open a TCP session with a server: nc <host> <port>
Open a TCP server and a client: nc -l -p 5000 (server), then nc <host> 5000 (client)
Open a UDP server and a client: nc -l -u -p 2222 (server), then nc -u <host> 2222 (client)
Port scanning: nc -vz <host> <first-port>-<last-port> for TCP (-v verbose, -z connect without sending data); add -u for UDP: nc -vzu <host> <ports>
File transfer: nc -l -p 3333 > archivoDestino.txt (receiver), then nc <host> 3333 < archivoOrigen.txt (sender)
Remote command execution: nc -l -p <port> -e /bin/sh (the listener hands the connection to a shell), then nc <host> <port> (client). The -e option exists only in builds such as netcat-traditional and Ncat; OpenBSD netcat leaves it out on purpose. It exposes an unauthenticated shell to the network, so use it only in a lab.
Nmap (Network Mapper)
Nmap (Zenmap): the graphical front end
Nmap: PORT STATE SERVICE
The default scan checks the 1000 most commonly used ports of each protocol being scanned (TCP by default; UDP when -sU is given). STATE is one of:
Open: a service is listening; the port answers a SYN with SYN/ACK.
Closed: the host answers the probe (with RST), but no service is listening on that port.
Filtered: a firewall or other filter drops the probe or returns an ICMP error, so nmap cannot tell whether the port is open.
Unfiltered: the port is reachable, but the scan type cannot tell open from closed (only the ACK scan reports this).
Open|Filtered: nmap cannot distinguish open from filtered; typical of UDP, FIN, NULL and Xmas scans, where an open port sends no answer at all.
Closed|Filtered: nmap cannot distinguish closed from filtered; only the idle scan reports this.
Nmap target specification
Multiple machines: a comma-separated list of hosts, or of last octets, e.g. <a.b.c>.1,11,16
A range of IP addresses: <a.b.c>.<first>-<last>
A complete subnet: <a.b.c>.* or <a.b.c>.0/24
A list of targets read from a file: nmap -iL lista.txt
Random targets: nmap -iR <n> (n random Internet hosts; 0 means never stop)
Excluding some machines: nmap <a.b.c>.0/24 --exclude <host1>,<host2> (or --excludefile <file>)
Options for discovery
Before scanning ports, nmap checks that each target is alive by sending ICMP echo requests, but firewalls can block ICMP. It also tries TCP probes to a few well-known ports (80, 139 and 443; current Nmap run as root sends a SYN to 443, an ACK to 80 and an ICMP timestamp request). Against well-protected systems even this is not enough, so nmap offers the probe types on the following slides.
Options for discovery: -PN, -sP
-PN (-Pn in current Nmap): skip host discovery and treat every target as alive. Use it when a firewall blocks the echo requests; otherwise a filtered host is reported as down and never port-scanned.
-sP (-sn in current Nmap): ping scan only. Reports which hosts are alive without scanning ports; on a local Ethernet it uses ARP and also shows the MAC address of each host.
Options for discovery: -PS, -PA
-PS TCP SYN ping: sends a SYN segment; a SYN/ACK (open port) or an RST (closed port) both prove the host is up. Port 80 is the default; other ports are given as -PS22,80,443 (no space after the option).
-PA TCP ACK ping: sends an ACK segment; an RST proves the host is up. It gets through stateless firewalls that only block SYNs, but stateful ones drop it. -PA22,80,443 selects the ports.
Options for discovery: -PU, -PY
-PU UDP ping: sends UDP datagrams and waits for any answer; an ICMP port unreachable from a closed port proves the host is up, which is why the default port is 40125, chosen because it is closed on almost every host. Other ports: -PU53,1021,5000.
-PY SCTP INIT ping: sends SCTP INIT chunks; the default port is 80, others as -PY22,80,443.
Options for discovery: -PE, -PP, -PM
-PE ICMP echo ping: a normal ping; part of the default discovery.
-PP ICMP timestamp ping: an alternative when only echo requests are blocked.
-PM ICMP address mask ping: the same idea with address mask requests.
Options for discovery: -PO, -PR
-PO IP protocol ping: sends raw IP packets with the given layer-4 protocol numbers; 1 (ICMP), 2 (IGMP) and 4 (IP-in-IP) by default, others as -PO1,2,4,6. Any reply, including ICMP protocol unreachable, proves the host is up.
-PR ARP ping: the default on a local Ethernet. Much faster than the other methods, and hosts cannot block it even behind a firewall, because they must answer ARP to receive any IP traffic at all.
Options for discovery: --traceroute, -R, -n
--traceroute: normal traceroute output for each target, run after the scan so that it can reuse the scan results to pick a probe that is known to get an answer.
-R: reverse DNS resolution for every target, even those that appear down. Useful when analysing an address block, because host names can reveal a machine's role; it increases scan time.
-n: disable reverse DNS resolution. When scanning many machines it reduces scan time considerably.
Advanced options for scanning
-sS TCP SYN scan: the default for the root user. Sends a SYN to each port and waits for the answer (SYN/ACK = open, RST = closed, nothing = filtered), then tears the half-open connection down with an RST. It is considered stealthy because the connection is never completed, so the application never sees it and many systems do not log the attempt; the stealth is not guaranteed, since firewalls and intrusion detection systems still see the SYNs.
Advanced options for scanning
-sT TCP connect scan: the default for unprivileged users, who cannot send raw packets. It uses the operating system's connect() call, so it completes the three-way handshake and then closes the connection immediately. Slower than the SYN scan, and the accepting service usually logs the connection.
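The following is an added example, not code from the slides or from nmap: a TCP connect scan written in Python, which does what -sT does (complete the handshake, then close) and maps each outcome onto the STATE column described above (open, closed, filtered). The same probe doubles as a -PS-style TCP ping for host discovery, because a SYN/ACK or an RST each prove the host is up. It scans a constructed listener on 127.0.0.1 so that it runs offline; nmap sends its SYNs as raw packets, but the visible answers are the same.

```python
# Added example: a TCP connect scan (nmap -sT) in Python, not part of the slides.
import errno
import socket
import threading


def tcp_connect_probe(host, port, timeout=1.0):
    """Try a full TCP handshake and map the result onto nmap's port states:
    SYN/ACK -> open, RST -> closed, no answer or ICMP error -> filtered."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"            # handshake completed: a service is listening
        except ConnectionRefusedError:
            return "closed"          # the host answered the SYN with RST
        except socket.timeout:
            return "filtered"        # nothing came back: something dropped the SYN
        except OSError as e:
            if e.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
                return "filtered"    # ICMP unreachable is reported as filtered too
            raise


def connect_scan(host, ports, timeout=1.0):
    """Scan a list of ports; returns {port: state} like nmap's PORT/STATE table."""
    return {port: tcp_connect_probe(host, port, timeout) for port in ports}


def host_is_up(host, ports=(80, 139, 443), timeout=1.0):
    """TCP ping in the spirit of -PS: an open or closed port proves the host is
    alive; only 'filtered' on every probe leaves the question open."""
    return any(tcp_connect_probe(host, p, timeout) in ("open", "closed") for p in ports)


def start_listener():
    """Constructed target: a listener on an ephemeral port that accepts and closes."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
                conn.close()
            except OSError:          # listener closed: stop serving
                break

    threading.Thread(target=serve, daemon=True).start()
    return srv


def free_port():
    """A port nothing listens on: bind to 0, read the number back, release it."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def demo():
    """Scan one open and one closed port on localhost.
    Returns (state of open port, state of closed port, host_is_up result)."""
    srv = start_listener()
    open_port = srv.getsockname()[1]
    closed_port = free_port()
    states = connect_scan("127.0.0.1", [open_port, closed_port])
    alive = host_is_up("127.0.0.1", ports=(closed_port,))  # an RST alone is enough
    srv.close()
    return states[open_port], states[closed_port], alive


if __name__ == "__main__":
    print(demo())
```

The order of the except clauses matters: ConnectionRefusedError and socket.timeout are both subclasses of OSError, so the generic OSError handler must come last. A "filtered" result cannot be produced on the loopback interface, which is why the demo only exercises open and closed.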
Advanced options for scanning
-sU UDP scan: although the typical scan looks for TCP services, many important ones (DNS, SNMP, DHCP) run over UDP. No answer means open|filtered; an ICMP port unreachable means closed. It is slow, because hosts rate-limit those ICMP errors.
-sN TCP NULL scan: segments with all flags off (0). Tries to get past stateless firewalls that only inspect SYNs: a closed port answers RST, an open port says nothing (RFC 793 behaviour).
-sF TCP FIN scan: only the FIN flag on (1); same idea.
Advanced options for scanning
-sX Xmas scan: FIN, PSH and URG flags on (1); like the NULL and FIN scans, it tries to get past firewalls that only inspect SYNs.
--scanflags: custom TCP scan with any combination of flags, written together without spaces, e.g. --scanflags FINACK.
-sA TCP ACK scan: sends ACK segments and looks for RST answers. A port that answers RST is reported unfiltered; no answer (or an ICMP error) means filtered. It never reports open or closed; its purpose is to map the firewall's rules.
Advanced options for scanning
-sO IP protocol scan: shows which IP protocols (TCP, UDP, ICMP, IGMP, ...) the target accepts, by cycling the protocol number in raw IP packets. Useful for deciding which protocols to use in later scans.
--send-eth: send raw Ethernet frames instead of raw IP packets (--send-ip is the opposite).
Port options: -F, -p
-F fast scan: instead of the 1000 most popular ports, scan only the top 100.
-p specific ports: separated by commas or given as a range, -p 25,53,80-200. Service names also work, -p smtp,http. A protocol prefix applies to the ports that follow it, -p U:53,T:25 (no spaces; the UDP ports are only scanned if -sU is also given). -p- covers every port (1-65535); the slide's -p “*” must be quoted so that the shell does not expand the asterisk.
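As an added example of the -p syntax just described (this is not nmap's code; it re-implements the documented rules for the page), the parser below turns a port specification into (protocol, port) pairs. The service-name table is constructed here for the names on the slide, with socket.getservbyname as a fallback, where real nmap consults its nmap-services file. It goes a little beyond the slide by also accepting the open-ended ranges -100 and 1000- and by rejecting ports above 65535 and empty ranges.

```python
# Added example: a parser for nmap's -p port specification, written for this
# page; it is not nmap's own code, but follows the documented syntax.
import socket

# Constructed fallback table for the service names on the slide, so the parser
# works on hosts without /etc/services (real nmap uses its nmap-services file).
SERVICE_PORTS = {"ssh": 22, "smtp": 25, "domain": 53, "dns": 53, "http": 80, "https": 443}


def port_from_token(token, proto):
    """A single port: a number (checked against 0-65535) or a service name."""
    if token.isdigit():
        port = int(token)
        if port > 65535:
            raise ValueError(f"port out of range: {token}")
        return port
    if token in SERVICE_PORTS:
        return SERVICE_PORTS[token]
    try:
        return socket.getservbyname(token, proto)
    except OSError:
        raise ValueError(f"unknown service name: {token}") from None


def parse_port_spec(spec, default_protos=("tcp",)):
    """Turn an -p argument into a sorted list of (protocol, port) pairs.

    Handles comma lists (25,53), ranges (80-200, -100, 1000-), service names
    (smtp,http), the protocol prefixes T:/U: which stay in force until the
    next prefix (U:53,111,T:25), and '-' or '*' meaning every port.
    Empty ranges and ports above 65535 raise ValueError.
    """
    if spec.strip() in ("-", "*"):
        return [(p, n) for p in default_protos for n in range(1, 65536)]
    protos = tuple(default_protos)
    result = set()
    for item in spec.split(","):
        item = item.strip()
        if not item:
            continue
        if len(item) > 2 and item[1] == ":" and item[0].upper() in ("T", "U"):
            protos = ("tcp",) if item[0].upper() == "T" else ("udp",)
            item = item[2:]
        for proto in protos:
            if "-" in item:
                lo_s, hi_s = item.split("-", 1)
                lo = port_from_token(lo_s, proto) if lo_s else 1
                hi = port_from_token(hi_s, proto) if hi_s else 65535
                if lo > hi:
                    raise ValueError(f"empty range: {item}")
                result.update((proto, n) for n in range(lo, hi + 1))
            else:
                result.add((proto, port_from_token(item, proto)))
    return sorted(result)


if __name__ == "__main__":
    for spec in ("25,53,80-200", "smtp,http", "U:53,T:25", "-"):
        pairs = parse_port_spec(spec)
        print(f"{spec!r}: {len(pairs)} ports, first {pairs[:3]}")
```

Note that a protocol prefix is sticky: in U:53,111,T:25 both 53 and 111 are UDP ports, which is the behaviour nmap documents and the reason the slide's "U:53, T:25" must be written without the space.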
Port options: --top-ports, -r, -sV
--top-ports n: scan the n most used ports according to nmap's frequency table, e.g. --top-ports 2000.
-r sequential scan: by default the port order is randomized (for obvious reasons: a sequential sweep is easy to spot in logs); the output is sorted either way.
-sV version detection: probes the open ports to identify the service, its product and its version.
Operating System detection
Based on how the target answers a series of crafted probes; this is called TCP/IP fingerprinting.
-O: enable OS detection.
-v: more information (verbosity).
If the OS is not identified, nmap prints the fingerprint; you can submit it to the Nmap project, stating which OS it belongs to, so that the database improves.
--osscan-guess: report the closest matches even when there is no exact match.
--fuzzy: synonym of the previous option.
Port scanning (“Idle scan”) (-sI)
The attacker uses a third, idle host (the zombie) whose IP ID field increases by one per packet sent, sends SYNs to the target with the zombie's address as source, and infers the port state from how many IP IDs the zombie consumed while handling the target's reply.
Source: Insecure.org
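The three idle scan slides above are diagrams; the following is an added simulation of the IP ID inference they illustrate, written for this page and not taken from the slides or from nmap. The zombie, target and packets are toy objects that model only what the technique relies on: the zombie answers an unsolicited SYN/ACK with an RST (consuming one IP ID) and ignores an unsolicited RST, and the target answers a SYN with SYN/ACK (open), RST (closed) or nothing (filtered), always to the spoofed source. A noise parameter models a zombie that is not really idle, which is the failure mode a practitioner must check for; real nmap first verifies that the zombie's IP ID sequence is incremental and sends several probes per port.

```python
# Added example: a simulation of the IP ID trick behind nmap's idle scan (-sI).
# Not from the slides; the hosts are toy objects modelling only the behaviour
# the technique depends on.


class Zombie:
    """An idle host whose IP ID increases by one for every packet it sends.
    `noise` models background traffic: extra packets sent between our probes."""

    def __init__(self, start_ipid=1000, noise=0):
        self.ipid = start_ipid
        self.noise = noise

    def receive(self, pkt):
        self.ipid += self.noise
        if pkt["flags"] == "SA":          # unsolicited SYN/ACK: answer with RST
            self.ipid += 1
            return {"flags": "R", "ipid": self.ipid}
        return None                       # unsolicited RST: silently dropped


class Target:
    """The scanned host. Replies go to the packet's (spoofed) source address."""

    def __init__(self, open_ports, filtered_ports=()):
        self.open_ports = set(open_ports)
        self.filtered_ports = set(filtered_ports)

    def receive(self, pkt):
        if pkt["flags"] != "S" or pkt["dport"] in self.filtered_ports:
            return None                   # firewall drops it: nobody hears anything
        if pkt["dport"] in self.open_ports:
            return {"flags": "SA"}        # open: SYN/ACK (the zombie will RST it)
        return {"flags": "R"}             # closed: RST (the zombie ignores it)


def probe_zombie(zombie):
    """Steps 1 and 3: SYN/ACK to the zombie, read the IP ID off its RST."""
    return zombie.receive({"flags": "SA"})["ipid"]


def idle_scan(zombie, target, ports):
    """Classify each port from how many IP IDs the zombie consumed:
    2 -> open (the target's SYN/ACK made the zombie send an RST),
    1 -> closed|filtered (the zombie sent nothing but its RST to us),
    anything else -> the zombie was not idle and the result cannot be trusted."""
    results = {}
    for port in ports:
        before = probe_zombie(zombie)
        # Step 2: SYN to target:port with the zombie's address as source.
        reply = target.receive({"flags": "S", "src": "zombie", "dport": port})
        if reply is not None:
            zombie.receive(reply)         # the target's answer lands on the zombie
        after = probe_zombie(zombie)
        delta = after - before
        results[port] = {2: "open", 1: "closed|filtered"}.get(delta, "unknown")
    return results


if __name__ == "__main__":
    target = Target(open_ports={22, 80}, filtered_ports={25})
    print(idle_scan(Zombie(), target, [22, 80, 443, 25]))
    print(idle_scan(Zombie(noise=3), target, [22]))    # busy zombie: unusable
```

The simulation makes two properties of the technique visible: the target only ever sees the zombie's address, which is why the scan is blind and the reason nmap can only report closed|filtered rather than closed, and any background traffic on the zombie corrupts the count, so a host that is not truly idle yields no usable result.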
Vulnerability assessment: Nessus
Exploration: the steps
Determine which machines are reachable and active: ping scanning
Which services are active: port scanning
Versions of the services: version detection
Which operating systems the machines are running: OS identification (OS fingerprinting)
Client and server can be on the same machine