1  MIS 5211.001 Week 5  Site: http://community.mis.temple.edu/mis5211sec001f14/

2  ISSA – Delaware Valley  Friday, September 26th  Topics:  Security Vulnerabilities in Automobiles  Vendor Management  Using Risk Strategically  Human Side of Data Protection  Big Data Behavioral  Register: http://www.issa-dv.org/meetings/registration.php  Agenda: http://www.issa-dv.org/meetings/agendas/Agenda_ISSA-DV_2014-09-26.pdf

3  Questions from last week  In the news  Nmap  Fundamentals  Scans and scan options  Zenmap

4  CVE – Common Vulnerabilities and Exposures  http://cve.mitre.org/  A dictionary of publicly known vulnerabilities, each with a unique CVE identifier  Basically, this is the list the vulnerability scanner industry writes its checks against: scanner findings are reported by CVE ID

5  Submitted  http://www.infosecurity-magazine.com/news/android-flaw-spells-privacy/  Accepting flaws?  http://www.welivesecurity.com/2014/08/28/google-dorks/  External DNS information?  https://www.blackhat.com/html/webcast/10092014-cyberspace-as-battlespace.html  http://www.bbc.com/news/technology-29279213  XSS vulnerability  Other tools for enumeration?  http://thehackernews.com/2014/09/yahoo-quickly-fixes-sql-injection_19.html  Building out VPN?

6  http://www.businessweek.com/articles/2014-09-18/home-depot-hacked-wide-open  http://www.citon.com/7-notable-cyber-attacks-of-last-7-years/  http://thehackerspost.com/2014/09/massachusetts-institute-technologymit-hacked-sahoo.html  http://www.myfoxdc.com/story/26610194/tech-company-finds-mysterious-fake-cell-towers-in-dc-area

7  What I noted  http://motherboard.vice.com/read/a-deep-web-service-will-leak-your-documents-if-the-government-murders-you  http://threatpost.com/researcher-discloses-wi-fi-thermostat-vulnerabilities/108434  https://blog.lookout.com/blog/2013/09/23/why-i-hacked-apples-touchid-and-still-think-it-is-awesome/  http://www.csoonline.com/article/2687265/application-security/remote-exploit-in-bash-cve-2014-6271.html (the Bash "Shellshock" bug)

8  Recall the two principal packet types  TCP (Transmission Control Protocol)  Connection oriented  Reliable  Sequenced  UDP (User Datagram Protocol)  Connectionless  Best effort (left to the higher-level application to detect loss and request retransmission if needed)  Independent datagrams (unsequenced)

9  The number of flags has grown over the years, with new flags added to the left (the higher bits) as they are approved  With nine flags there are 2^9 = 512 unique combinations of 1s and 0s  Add the three reserved bits and the number grows to 2^12 = 4096

10  Control bits, also called "control flags"  Defined by RFCs 793 (FIN, SYN, RST, PSH, ACK, URG), 3168 (ECE, CWR) and 3540 (NS)  Currently nine bits or flags are defined, with three reserved bits beside them  See: http://en.wikipedia.org/wiki/Transmission_Control_Protocol

11  Every "legal" TCP connection begins with a three-way handshake  Sequence numbers are exchanged in the SYN, SYN-ACK and ACK packets

12  Per RFC 793  A TCP listener on a port responds to a SYN with a SYN-ACK, regardless of any payload carried in the SYN  Therefore, if you get a SYN-ACK, something that speaks TCP was listening on that port

13  (Diagrams)  Port open: SYN goes out, SYN-ACK comes back  Port closed, or blocked by a firewall that rejects rather than drops: SYN goes out, RST comes back

14  (Diagram)  Port inaccessible (likely blocked by firewall): either no reply at all, or an ICMP destination-unreachable error from a filtering device  Note: Nmap will mark both as "filtered"

15  As you can see, UDP is a lot simpler  No sequence numbers  No flags or control bits  No "connection"  As a result there is no handshake to confirm a listener: the scanner has to wait out timeouts, and hosts rate-limit the ICMP errors it relies on  Slower to scan  Less reliable scanning

16  (Diagrams)  Port open: the service answers with a UDP reply (only if it understands the probe)  Port closed or blocked by firewall: an ICMP unreachable comes back (port unreachable from the host itself if closed, another unreachable code if a filter answered)

17  Port inaccessible (no reply at all)  Could be:  Closed, with the ICMP error suppressed or rate-limited  Blocked going in  Blocked coming out  Service not responding (waiting for a particular payload)  Packet simply dropped in transit  Nmap cannot tell these apart and reports the port as open|filtered

18  Written and maintained by Fyodor (Gordon Lyon)  http://nmap.org/  Note: lots of good info on the site, but the tutorial is a bit out of date. The latest info was put in a book, Nmap Network Scanning, sold on Amazon: http://www.amazon.com/Nmap-Network-Scanning-Official-Discovery/dp/0979958717/ref=sr_1_1?ie=UTF8&qid=1411443925&sr=8-1&keywords=nmap

19  (Screenshot)

20  Metasploitable  Deliberately vulnerable Linux virtual machine developed for training on Metasploit  We'll use it here since there will be worthwhile things to find with nmap  http://sourceforge.net/projects/virtualhacking/files/os/metasploitable/metasploitable-linux-2.0.0/download  UserID: msfadmin  Password: msfadmin

21  After downloading the zip file, extract it to a convenient location. VMware should have created a folder in "My Documents" called "Virtual Machines"  Let Kali get started first  Then select "Open a Virtual Machine", navigate to the folder for Metasploitable and launch it  You get a prompt asking whether you moved or copied the VM; select "Moved"  Once started, log in and run ifconfig to get your IP address, and you're done

22  Let's try something simple  nmap 192.168.233.135  With no options, nmap scans the 1000 most common TCP ports: a SYN scan when run as root (the default on Kali), a connect() scan otherwise

23  There are a number of interesting ports here  ftp (21)  ssh (22)  telnet (23)  smtp (25, mail)  domain (53, DNS)  http (80, web server)  Keep in mind, ports are "commonly associated" with these services, but not guaranteed: the names in this output come from nmap's port table, not from talking to the service  http://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml

24  -n – Don't resolve host names (skips reverse DNS, which is faster and quieter)  Note: -nn is a tcpdump/tshark convention for also skipping port-name lookups; it is not a documented nmap option (nmap just treats it as a repeated -n), and nmap's port names come from its own service table rather than DNS, so -n is all you need  -v – Verbose, tell me more  -vv – Really verbose, tell me lots more  -iL – Input from list, get the host list from a text file  --exclude – Don't scan a particular host  --excludefile – Don't scan the hosts listed in a text file  Remember "man nmap"

25  --packet-trace  Nmap prints a summary of every packet sent or received  You may want to limit the ports ("-p1-1024" or fewer) to keep the output manageable  There are also  --version-trace  --script-trace

26  -sT – TCP connect() scan  If connect() succeeds, the port is open  Completes the full three-way handshake, so the service sees (and may log) a connection; needs no raw-socket privileges

27  -sS – SYN "stealth" (half-open) scan  If a SYN-ACK is received, the port is open; nmap then tears the connection down with a RST instead of completing the handshake  Requires raw sockets (root) and is nmap's default scan when run as root

28  -sF – FIN scan  Like the SYN scan, but less likely to be flagged  Closed port responds with RST; open port silently drops the packet  Works on RFC 793 compliant systems  Windows is not compliant (it sends RST whether the port is open or not), so every port shows as closed; that behaviour can itself differentiate a Windows system

29  -sN – Null scan (no flags set)  Similar to FIN  -sX – Xmas tree scan  Sets FIN, PSH and URG  -sM – Maimon scan  Sets FIN and ACK  All work by looking for the absence of a RST, so a port that stays silent is reported as open|filtered

30  --scanflags – send any combination of flags you choose  Example:  nmap --scanflags SYNPSHACK -p 80 19
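To make the flag slides and the scan-type slides concrete, here is an added example (not code from the slides or from Nmap) that encodes the nine control bits at their RFC 793 / 3168 / 3540 positions, pulls them out of a raw TCP header, names the Nmap scan type that sends a given combination (-sS, -sF, -sN, -sX, -sM), and parses the --scanflags "mash the names together" syntax. The parser is this example's own re-implementation of the documented syntax, not Nmap's code, and the sample header bytes are constructed here.

```python
"""TCP control bits, and the flag combinations Nmap's scan types send.

Added example for the control-flag and scan-type slides; not code from the
slides or from Nmap. Bit positions follow RFC 793 (FIN..URG), RFC 3168
(ECE, CWR) and RFC 3540 (NS). parse_scanflags() is this example's own
re-implementation of the documented --scanflags syntax, not Nmap's parser.
"""
import struct

# Flag name -> bit value in the 16-bit offset/flags word of the TCP header.
# New flags were added "to the left" (higher bits) as they were approved.
TCP_FLAGS = {
    "FIN": 0x001, "SYN": 0x002, "RST": 0x004, "PSH": 0x008,   # RFC 793
    "ACK": 0x010, "URG": 0x020,                               # RFC 793
    "ECE": 0x040, "CWR": 0x080,                               # RFC 3168
    "NS":  0x100,                                             # RFC 3540
}
FLAG_FIELD_MASK = 0x1FF   # the nine defined flag bits
RESERVED_MASK = 0xE00     # the three reserved bits above NS

# What the Nmap scan types from the slides put on the wire.
SCAN_PROFILES = {
    "-sS (SYN)":    frozenset({"SYN"}),
    "-sF (FIN)":    frozenset({"FIN"}),
    "-sN (Null)":   frozenset(),
    "-sX (Xmas)":   frozenset({"FIN", "PSH", "URG"}),
    "-sM (Maimon)": frozenset({"FIN", "ACK"}),
}


def flags_to_int(names) -> int:
    """Combine flag names into the numeric field value."""
    value = 0
    for name in names:
        value |= TCP_FLAGS[name]
    return value


def int_to_flags(value: int) -> frozenset:
    """Decode a numeric flags value back into the set of flag names."""
    return frozenset(n for n, bit in TCP_FLAGS.items() if value & bit)


def parse_scanflags(spec: str) -> int:
    """Accept the forms --scanflags takes: a number (decimal or hex) or
    concatenated names such as 'SYNPSHACK', in any order."""
    spec = spec.strip()
    if spec.isdigit():
        return int(spec, 10)
    if spec.lower().startswith("0x"):
        return int(spec, 16)
    value, rest = 0, spec.upper()
    while rest:
        for name in TCP_FLAGS:            # no flag name is a prefix of another
            if rest.startswith(name):
                value |= TCP_FLAGS[name]
                rest = rest[len(name):]
                break
        else:
            raise ValueError(f"unrecognised flag text in --scanflags: {rest!r}")
    return value


def flags_from_tcp_header(header: bytes) -> frozenset:
    """Pull the control bits out of a raw TCP header; bytes 12-13 carry the
    data offset, the reserved bits and the nine flags."""
    if len(header) < 20:
        raise ValueError("a TCP header is at least 20 bytes")
    (word,) = struct.unpack("!H", header[12:14])
    return int_to_flags(word & FLAG_FIELD_MASK)


def identify_probe(flag_value: int) -> str:
    """Name the Nmap scan type that sends exactly this flag combination."""
    names = int_to_flags(flag_value)
    for scan, profile in SCAN_PROFILES.items():
        if names == profile:
            return scan
    return "custom (--scanflags)"


def combinations(flag_bits: int) -> int:
    """Distinct on/off patterns for a field of this many bits."""
    return 1 << flag_bits


# Constructed 20-byte TCP header for a SYN probe from port 40000 to port 80:
# data offset 5 (no options), so the offset/flags word is (5 << 12) | SYN.
SAMPLE_SYN_HEADER = struct.pack("!HHIIHHHH", 40000, 80, 0, 0,
                                (5 << 12) | TCP_FLAGS["SYN"], 65535, 0, 0)

if __name__ == "__main__":
    print(len(TCP_FLAGS), "flags ->", combinations(len(TCP_FLAGS)),
          "combinations; with the 3 reserved bits ->", combinations(12))
    custom = parse_scanflags("SYNPSHACK")
    print("SYNPSHACK ->", hex(custom), identify_probe(custom))
    print("sample header flags:", sorted(flags_from_tcp_header(SAMPLE_SYN_HEADER)))
```

Running the block prints the 512 / 4096 counts from the slide, shows that SYNPSHACK (0x1A) matches none of the built-in scan types, and decodes the constructed header as a plain SYN probe.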

31  -sU – UDP scan; sends an empty (0-byte) UDP packet to most ports, with protocol-specific payloads for a few well-known ones  ICMP port unreachable – port is closed  No response – port is reported open|filtered (assumed possibly open)  Very time consuming  20 ports took 5.46 seconds; the -sT scan only took 0.15
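The open / closed / inaccessible slides and the -sS, -sF/-sN/-sX/-sM and -sU slides together describe a decision table; here it is as an added example (not code from the slides or from Nmap's source) that maps one probe's answer to the state Nmap reports, with the ICMP unreachable codes taken from the Nmap reference guide. The Response type, the helper names and the sample responses are constructed for this example.

```python
"""Turn the answer to one Nmap probe into the port state Nmap reports.

Added example for the port-state slides and the -sS / -sF-family / -sU
slides; not code from the slides or from Nmap. The rules are the ones the
slides give, plus the ICMP handling from the Nmap reference guide; the
Response type and the sample data below are constructed for the example.
"""
from dataclasses import dataclass
from typing import Callable, Dict, Optional


@dataclass(frozen=True)
class Response:
    """Constructed stand-in for what came back for a single probe."""
    kind: str                              # "tcp", "udp", "icmp" or "none"
    tcp_flags: frozenset = frozenset()     # e.g. {"SYN", "ACK"} or {"RST"}
    icmp_type: Optional[int] = None
    icmp_code: Optional[int] = None


NO_RESPONSE = Response("none")

# ICMP type 3 (destination unreachable) codes Nmap reads as a filtering
# device answering on the target's behalf. Code 3 (port unreachable) is
# what a closed UDP port sends itself, so the UDP rule treats it separately.
ICMP_UNREACHABLE = 3
ICMP_PORT_UNREACHABLE = 3
TCP_FILTERED_CODES = {0, 1, 2, 3, 9, 10, 13}
UDP_FILTERED_CODES = {0, 1, 2, 9, 10, 13}


def _unreachable(resp: Response, codes) -> bool:
    return (resp.kind == "icmp" and resp.icmp_type == ICMP_UNREACHABLE
            and resp.icmp_code in codes)


def syn_scan_state(resp: Response) -> str:
    """-sS (and -sT, which sees the same outcome through connect()):
    SYN-ACK means something speaking TCP listened; RST means nothing did."""
    if resp.kind == "tcp":
        if {"SYN", "ACK"} <= resp.tcp_flags:
            return "open"
        if "RST" in resp.tcp_flags:
            return "closed"
    # An ICMP unreachable from a filter, or silence after retries: filtered.
    return "filtered"


def fin_family_state(resp: Response) -> str:
    """-sF, -sN, -sX, -sM: only a RST is a definite signal (closed), so a
    silent port is reported open|filtered. On Windows, which sends RST for
    open ports too, every port therefore shows as closed."""
    if resp.kind == "tcp" and "RST" in resp.tcp_flags:
        return "closed"
    if _unreachable(resp, TCP_FILTERED_CODES):
        return "filtered"
    return "open|filtered"


def udp_scan_state(resp: Response) -> str:
    """-sU: a UDP reply proves open; ICMP port unreachable proves closed;
    silence could be open, filtered, or a service waiting for a payload."""
    if resp.kind == "udp":
        return "open"
    if _unreachable(resp, {ICMP_PORT_UNREACHABLE}):
        return "closed"
    if _unreachable(resp, UDP_FILTERED_CODES):
        return "filtered"
    return "open|filtered"


def classify(responses: Dict[int, Response],
             rule: Callable[[Response], str]) -> Dict[int, str]:
    """Apply one scan type's rule to every port's response."""
    return {port: rule(resp) for port, resp in sorted(responses.items())}


# Constructed responses to a SYN sweep of a lab host; not captured traffic.
SAMPLE_SYN_RESPONSES = {
    21: Response("tcp", frozenset({"SYN", "ACK"})),
    22: Response("tcp", frozenset({"SYN", "ACK"})),
    23: Response("tcp", frozenset({"RST", "ACK"})),
    25: NO_RESPONSE,
    80: Response("icmp", icmp_type=3, icmp_code=13),   # admin prohibited
}

# Constructed responses to UDP probes of the same host.
SAMPLE_UDP_RESPONSES = {
    53: Response("udp"),                                # DNS answered
    69: Response("icmp", icmp_type=3, icmp_code=3),     # port unreachable
    161: NO_RESPONSE,                                   # SNMP stayed silent
}

if __name__ == "__main__":
    for port, state in classify(SAMPLE_SYN_RESPONSES, syn_scan_state).items():
        print(f"{port}/tcp  {state}")
    for port, state in classify(SAMPLE_UDP_RESPONSES, udp_scan_state).items():
        print(f"{port}/udp  {state}")
```

The point of the three rules side by side: a SYN probe gets a positive answer for both open and closed ports, the FIN family only for closed ones, and UDP only when the service happens to speak up, which is why the same silent port comes out as filtered, open|filtered and open|filtered respectively.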

32  -sO – IP protocol scan; looks for which IP protocols the host supports  Sends raw IP packets, one per protocol number, without transport-layer header information  ICMP protocol unreachable means the protocol is not supported; any reply in that protocol means it is  Takes time

33  -sV – Attempts to determine the version of the services running, by sending probes to each open port and matching the responses against nmap's signature database

34  -A – Aggressive scan; looks for the version of the OS as well

35  -O – Fingerprint the operating system  -A = -sV + -O + -sC (default scripts) + --traceroute
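The "interesting ports" slide warns that a port number only suggests a service, and the -sV slide is how you confirm it. Here is an added example (not code from the slides or from Nmap) that reads Nmap's XML output (the -oX format) and flags open ports whose probed service does not match what the port number suggests, or whose name is still only a port-table guess. The XML is constructed in the element and attribute layout Nmap writes (nmaprun, host, ports, port, state, service; the "method" attribute is "probed" when -sV talked to the service and "table" when the name is a lookup); the products and versions in it are made up, and the EXPECTED_BY_PORT map is a hand-picked subset of the IANA assignments the slide links to.

```python
"""Parse Nmap -oX output and check -sV results against port-number assumptions.

Added example for the "interesting ports" and -sV/-O/-A slides; not code
from the slides or from Nmap. SAMPLE_XML is constructed in Nmap's -oX
layout with made-up products and versions; EXPECTED_BY_PORT is a small
hand-picked subset of the IANA service-name assignments.
"""
import xml.etree.ElementTree as ET

# Constructed -oX output for the lab VM; not real scan results.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX - 192.168.233.135" version="6.47">
<host>
<status state="up" reason="arp-response"/>
<address addr="192.168.233.135" addrtype="ipv4"/>
<ports>
<port protocol="tcp" portid="21"><state state="open" reason="syn-ack"/><service name="ftp" product="ExampleFTPd" version="1.0" method="probed" conf="10"/></port>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/><service name="ssh" product="OpenSSH" version="4.7p1" method="probed" conf="10"/></port>
<port protocol="tcp" portid="23"><state state="closed" reason="reset"/><service name="telnet" method="table" conf="3"/></port>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/><service name="ssh" product="Dropbear sshd" method="probed" conf="10"/></port>
<port protocol="tcp" portid="2222"><state state="open" reason="syn-ack"/><service name="EtherNetIP-1" method="table" conf="3"/></port>
<port protocol="tcp" portid="8180"><state state="open" reason="syn-ack"/><service name="http" product="Apache Tomcat" method="probed" conf="10"/></port>
<port protocol="udp" portid="53"><state state="open|filtered" reason="no-response"/><service name="domain" method="table" conf="3"/></port>
</ports>
</host>
</nmaprun>
"""

# Hand-picked subset of the IANA "commonly associated" names.
EXPECTED_BY_PORT = {
    ("tcp", 21): "ftp", ("tcp", 22): "ssh", ("tcp", 23): "telnet",
    ("tcp", 25): "smtp", ("tcp", 80): "http", ("udp", 53): "domain",
}

UNVERIFIED = "unverified: service name is only a port-table guess"


def _attr(element, name, default=""):
    return element.get(name, default) if element is not None else default


def parse_nmap_xml(xml_text: str) -> list:
    """Return one dict per <port> element with the fields a triage needs."""
    root = ET.fromstring(xml_text)
    records = []
    for host in root.iter("host"):
        addr = _attr(host.find("address"), "addr", "?")
        for port in host.iter("port"):
            state = port.find("state")
            service = port.find("service")
            records.append({
                "host": addr,
                "proto": port.get("protocol"),
                "port": int(port.get("portid")),
                "state": _attr(state, "state", "unknown"),
                "reason": _attr(state, "reason"),
                "service": _attr(service, "name"),
                "product": _attr(service, "product"),
                "version": _attr(service, "version"),
                # "probed": -sV matched a real response; "table": name is
                # only nmap's port-number lookup.
                "method": _attr(service, "method"),
            })
    return records


def open_ports(records: list) -> list:
    """Only ports Nmap is sure about; open|filtered is not open."""
    return [r for r in records if r["state"] == "open"]


def unexpected_services(records: list) -> list:
    """Open ports whose probed service is not what the port number suggests,
    plus open ports whose name was never verified by a probe."""
    findings = []
    for r in open_ports(records):
        expected = EXPECTED_BY_PORT.get((r["proto"], r["port"]))
        if r["method"] != "probed":
            findings.append((r["port"], UNVERIFIED))
        elif expected and expected != r["service"]:
            findings.append((r["port"], f"expected {expected}, probed {r['service']}"))
    return findings


if __name__ == "__main__":
    recs = parse_nmap_xml(SAMPLE_XML)
    for r in open_ports(recs):
        print(f"{r['port']}/{r['proto']}  {r['service']:<12} {r['product']} {r['version']}".rstrip())
    for port, note in unexpected_services(recs):
        print(f"check {port}: {note}")
```

In the constructed sample, port 80 answers as SSH rather than HTTP, and port 2222 was never probed at all, so both are flagged; the 8180 entry passes because -sV confirmed it and the example's expectation table has no opinion about that port. Against a real scan you would feed it the file written by nmap -sV -oX scan.xml.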

36  Nmap Scripting Engine, also known as NSE  Scripts are written in Lua  Activated with "-sC" (runs the default category) or "--script"  Categories include  safe  intrusive  malware  version  discovery  vuln (vulnerability)  Intrusive and vuln scripts can crash or alter the target, so check a script's category before running it against anything but a lab host

37  In Kali, nmap scripts are located in:  /usr/share/nmap/scripts  Can view using either "cat" or gedit  "nmap --script-help <script>" prints a script's documentation

38  ssl-heartbleed  Try: nmap -p 443 --script ssl-heartbleed {target}  In this case, 443 is not even open, so the script has nothing to test

39  Zenmap – graphical user interface for nmap  Why did we just spend that time on the command line?  Better control  Better understanding

40  (Screenshot)

41  (Screenshot)

42  Look at the arrow  You can add to the command line  Remember that ssl-heartbleed script

43  (Screenshot)

44  (Screenshot)

45  https://www.linux.com/learn/tutorials/381794-audit-your-network-with-zenmap?format=pdf

46  Readings and articles as usual  Class will be by WebEx  I will set up and mail info to all by Sunday

47  ?

