Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning.

1 Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning

2 Objectives
- Describe port scanning
- Describe different types of port scans
- Describe various port-scanning tools
- Explain what ping sweeps are used for
- Explain how shell scripting is used to automate security tasks

3 Introduction to Port Scanning
- Port scanning
  - Finds out which services are offered by a host
  - Identifies vulnerabilities
- Open services can be used in attacks
  - Identify a vulnerable port
  - Launch an exploit
- Scan all ports when testing
  - Not just well-known ports

5 Introduction to Port Scanning (continued)
- Port scanning programs report
  - Open ports
  - Closed ports
  - Filtered ports
  - Best-guess assessment of which OS is running

6 Types of Port Scans
- SYN scan
  - Stealthy scan
- Connect scan
  - Completes the three-way handshake
- NULL scan
  - Packet flags are turned off
- XMAS scan
  - FIN, PSH and URG flags are set

7 Types of Port Scans (continued)
- ACK scan
  - Used to get past a firewall
- FIN scan
  - Closed port responds with an RST packet
- UDP scan
  - Closed port responds with ICMP “Port Unreachable” message
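The TCP scan types on the two slides above differ only in which flags the probe packet carries, so a defender can recognize them from packet logs. The following is an added example, not part of the original presentation: the key=value log format, the addresses, the function names and the port threshold are all assumptions made for illustration. A connect scan starts with the same lone SYN as a SYN scan, so the two are not separated here, and UDP scans are out of scope.

```python
import re
from collections import defaultdict

# Flag combinations for the TCP probe types named on the slides.
PROBES = {
    frozenset(): "NULL",                        # all flags turned off
    frozenset({"FIN", "PSH", "URG"}): "XMAS",
    frozenset({"FIN"}): "FIN",
    frozenset({"SYN"}): "SYN",
    frozenset({"ACK"}): "ACK",
}
# A normal TCP stack does not send these, so a single packet is enough.
ALWAYS_SUSPICIOUS = {"NULL", "XMAS", "FIN"}
LINE = re.compile(r"SRC=(\S+) DST=\S+ DPT=(\d+) FLAGS=(\S*)")

def classify(flags):
    """Return the probe type for a comma-separated flag list, or None."""
    return PROBES.get(frozenset(f for f in flags.split(",") if f))

def find_scanners(log_text, port_threshold=4):
    """Map source IP -> probe types that look like port scanning."""
    ports = defaultdict(set)        # (src, probe) -> distinct dest ports
    for line in log_text.splitlines():
        m = LINE.search(line)
        probe = classify(m.group(3)) if m else None
        if probe:
            ports[(m.group(1), probe)].add(int(m.group(2)))
    hits = defaultdict(list)
    for (src, probe), seen in sorted(ports.items()):
        # Lone SYN or ACK segments also occur in ordinary traffic, so they
        # count only when one source touches many distinct ports.
        if probe in ALWAYS_SUSPICIOUS or len(seen) >= port_threshold:
            hits[src].append(probe)
    return dict(hits)

# Constructed sample records (made-up format, documentation addresses).
SAMPLE_LOG = """\
SRC=192.0.2.10 DST=198.51.100.5 DPT=21 FLAGS=SYN
SRC=192.0.2.10 DST=198.51.100.5 DPT=22 FLAGS=SYN
SRC=192.0.2.10 DST=198.51.100.5 DPT=23 FLAGS=SYN
SRC=192.0.2.10 DST=198.51.100.5 DPT=25 FLAGS=SYN
SRC=192.0.2.20 DST=198.51.100.5 DPT=80 FLAGS=FIN,PSH,URG
SRC=192.0.2.30 DST=198.51.100.5 DPT=443 FLAGS=
SRC=192.0.2.40 DST=198.51.100.5 DPT=443 FLAGS=ACK
SRC=192.0.2.40 DST=198.51.100.5 DPT=443 FLAGS=PSH,ACK
"""

if __name__ == "__main__":
    print(find_scanners(SAMPLE_LOG))
```

The host at 192.0.2.40 is not reported at the default threshold because its single ACK and its PSH,ACK data segment look like ordinary traffic on one port.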

8 Using Port-Scanning Tools
- Nmap
- Unicornscan
- NetScanTools Pro 2004
- Nessus

9 Nmap
- Originally written for Phrack magazine
- One of the most popular tools
- GUI version
  - Xnmap
- Open source tool
- Standard tool for security professionals

11 Unicornscan
- Developed in 2004
- Ideal for large networks
- Scans 65,535 ports in three to seven seconds
- Handles port scanning using
  - TCP
  - ICMP
  - IP
- Optimizes UDP scanning

12 NetScanTools Pro 2004
- Robust easy-to-use commercial tool
- Supported OSs
  - *NIX
  - Windows
- Types of tests
  - Database vulnerabilities
  - E-mail account vulnerabilities
  - DHCP server discovery
  - IP packets and name servers
  - OS fingerprinting

15 Nessus
- First released in 1998
- Open source tool
- Uses a client/server technology
- Conducts testing from different locations
- Can use different OSs for client and network

16 Nessus (continued)
- Server
  - Any *NIX platform
- Client
  - Can be UNIX or Windows
- Functions much like a database server
- Ability to update security checks plug-ins
  - Scripts
- Some plug-ins are considered dangerous

18 Nessus (continued)
- Finds services running on ports
- Finds vulnerabilities associated with identified services

20 Conducting Ping Sweeps
- Ping sweeps
  - Identify which IP addresses belong to active hosts
  - Ping a range of IP addresses
- Problems
  - Computers that are shut down cannot respond
  - Networks may be configured to block ICMP Echo Requests
  - Firewalls may filter out ICMP traffic

21 FPing
- Ping multiple IP addresses simultaneously
- www.fping.com/download
- Command-line tool
- Input: multiple IP addresses
  - Entered at a shell
    - -g option
  - Input file with addresses
    - -f option

24 Hping
- Used to bypass filtering devices
  - Allows users to fragment and manipulate IP packets
- www.hping.org/download
- Powerful tool
  - All security testers must be familiar with tool
- Supports many parameters (command options)

28 Crafting IP Packets
- Packet components
  - Source IP address
  - Destination IP address
  - Flags
- Crafting packets helps you obtain more information about a service
- Tools
  - Fping
  - Hping

29 Understanding Shell Scripting
- Modify tools to better suit your needs
- Script
  - Computer program that automates tasks
  - Time-saving solution

30 Scripting Basics
- Similar to DOS batch programming
- Script or batch file
  - Text file
  - Contains multiple commands
- Repetitive commands are good candidates for scripting
- Practice is the key

33 Summary
- Port scanning
  - Also referred to as service scanning
  - Process of scanning a range of IP addresses
  - Determines what services are running
- Port scan types
  - SYN
  - ACK
  - FIN
  - UDP
  - Others: Connect, NULL, XMAS

34 Summary (continued)
- Port scanning tools
  - Nmap
  - Nessus
  - Unicornscan
- Ping sweeps
  - Determine which computers are “alive”
- Shell scripting
  - Helps with automating tasks

