Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning.
-
Upload
gonzalo-bowns -
Category
Documents
-
view
219 -
download
1
Transcript of Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning.
Hands-On Ethical Hacking and Network Defense
Chapter 5Port Scanning
Hands-On Ethical Hacking and Network Defense 2
Objectives
• Describe port scanning
• Describe different types of port scans
• Describe various port-scanning tools
• Explain what ping sweeps are used for
• Explain how shell scripting is used to automate security tasks
Hands-On Ethical Hacking and Network Defense 3
Introduction to Port Scanning
• Port Scanning• Finds out which services are offered by a host• Identifies vulnerabilities
• Open services can be used on attacks• Identify a vulnerable port• Launch an exploit
• Scan all ports when testing• Not just well-known ports
Hands-On Ethical Hacking and Network Defense 4
Hands-On Ethical Hacking and Network Defense 5
Introduction to Port Scanning (continued)
• Port scanning programs report• Open ports• Closed ports• Filtered ports• Best-guess assessment of which OS is
running
Hands-On Ethical Hacking and Network Defense 6
Types of Port Scans
• SYN scan• Stealthy scan
• Connect scan• Completes the three-way handshake
• NULL scan• Packet flags are turned off
• XMAS scan• FIN, PSH and URG flags are set
Hands-On Ethical Hacking and Network Defense 7
Types of Port Scans (continued)
• ACK scan• Used to past a firewall
• FIN scan• Closed port responds with an RST packet
• UDP scan• Closed port responds with ICMP “Port
Unreachable” message
Hands-On Ethical Hacking and Network Defense 8
Using Port-Scanning Tools
• Nmap
• Unicornscan
• NetScanTools Pro 2004
• Nessus
Hands-On Ethical Hacking and Network Defense 9
Nmap
• Originally written for Phrack magazine
• One of the most popular tools
• GUI version• Xnmap
• Open source tool
• Standard tool for security professionals
Hands-On Ethical Hacking and Network Defense 10
Hands-On Ethical Hacking and Network Defense 11
Unicornscan
• Developed in 2004• Ideal for large networks• Scans 65,535 ports in three to seven seconds• Handles port scanning using • TCP• ICMP• IP
• Optimizes UDP scanning
Hands-On Ethical Hacking and Network Defense 12
NetScanTools Pro 2004
• Robust easy-to-use commercial tool• Supported OSs• *NIX• Windows
• Types of tests• Database vulnerabilities• E-mail account vulnerabilities• DHCP server discovery• IP packets and name servers• OS fingerprinting
Hands-On Ethical Hacking and Network Defense 13
Hands-On Ethical Hacking and Network Defense 14
Hands-On Ethical Hacking and Network Defense 15
Nessus
• First released in 1998
• Open source tool
• Uses a client/server technology
• Conducts testing from different locations
• Can use different OSs for client and network
Hands-On Ethical Hacking and Network Defense 16
Nessus (continued)
• Server• Any *NIX platform
• Client• Can be UNIX or Windows
• Functions much like a database server
• Ability to update security checks plug-ins• Scripts
• Some plug-ins are considered dangerous
Hands-On Ethical Hacking and Network Defense 17
Hands-On Ethical Hacking and Network Defense 18
Nessus (continued)
• Finds services running on ports• Finds vulnerabilities associated with
identified services
Hands-On Ethical Hacking and Network Defense 19
Hands-On Ethical Hacking and Network Defense 20
Conducting Ping Sweeps
• Ping sweeps• Identify which IP addresses belong to active
hosts• Ping a range of IP addresses
• Problems• Computers that are shut down cannot
respond• Networks may be configured to block ICMP
Echo Requests• Firewalls may filter out ICMP traffic
Hands-On Ethical Hacking and Network Defense 21
FPing• Ping multiple IP addresses simultaneously• www.fping.com/download• Command-line tool• Input: multiple IP addresses• Entered at a shell• -g option
• Input file with addresses• -f option
Hands-On Ethical Hacking and Network Defense 22
Hands-On Ethical Hacking and Network Defense 23
Hands-On Ethical Hacking and Network Defense 24
Hping• Used to bypass filtering devices• Allows users to fragment and manipulate IP packets
• www.hping.org/download
• Powerful tool• All security testers must be familiar with tool
• Supports many parameters (command options)
Hands-On Ethical Hacking and Network Defense 25
Hands-On Ethical Hacking and Network Defense 26
Hands-On Ethical Hacking and Network Defense 27
Hands-On Ethical Hacking and Network Defense 28
Crafting IP Packets
• Packet components• Source IP address• Destination IP address• Flags
• Crafting packets helps you obtain more information about a service
• Tools• Fping• Hping
Hands-On Ethical Hacking and Network Defense 29
Understanding Shell Scripting
• Modify tools to better suit your needs
• Script• Computer program that automates tasks• Time-saving solution
Hands-On Ethical Hacking and Network Defense 30
Scripting Basics
• Similar to DOS batch programming
• Script or batch file• Text file• Contains multiple commands
• Repetitive commands are good candidate for scripting
• Practice is the key
Hands-On Ethical Hacking and Network Defense 31
Hands-On Ethical Hacking and Network Defense 32
Hands-On Ethical Hacking and Network Defense 33
Summary
• Port scanning• Also referred as service scanning• Process of scanning a range of IP address• Determines what services are running
• Port scan types• SYN• ACK• FIN• UDP• Others: Connect, NULL, XMAS
Hands-On Ethical Hacking and Network Defense 34
Summary (continued)
• Port scanning tools• Nmap• Nessus• Unicornscan
• Ping sweeps• Determine which computers are “alive”
• Shell scripting• Helps with automating tasks