Randall Lewis
Zenmap and Nessus Lab
Nessus is a proprietary, comprehensive vulnerability scanner developed by Tenable Network Security. Below are the results of the analysis, with the accompanying screenshots.
[Zenmap screenshots: 104 Quick Scan; 103 Intense Scan; 103 Quick Scan; 105 Intense Scan plus UDP; 105 Ping Scan; 106 Quick Traceroute Scan; 106 Regular Scan]
A) Ping Sweeping
C) TCP Connect
D) Stealth Scanning
E) UDP Scanning
F) Which OS is Running
G) Other Options
Part A:
1. Several services running on each host:
Echo
Discard
Daytime
Chargen
qotd
ssh
telnet
dsp
unknown
2. Nmap's ability to identify the operating system running on each system:
Nmap identifies the operating system running on each system by consulting a large database of fingerprints (the nmap-os-db database). Different TCP/IP stacks respond differently to the same set of TCP/IP probes, so the pattern of responses determines the type of OS that is running. So Nmap does let you know what OS is operating.
Is there any Nmap feature that can be used to guess the OS of the host? Explain your answer.
Using the ports that are open and the probable services running on those ports, I determined what operating systems are running on the devices:
The operating system that is running is Windows. Certain ports that are open, for example 7 (echo), 21 (tcp), 22 (ssh) and 110 (pop3), are common ports that are related to Windows.
3. The hosts that appear most secure and least secure are:
192.168.100.103 is the most secure host because it has 991 closed ports, which leaves it with the fewest open ports.
192.168.100.106 is the least secure because it has the most open ports.
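The comparison in items 1 to 3 (services per host, OS guess, most and least exposed host) can be read straight out of Nmap's XML output. The following is an added example, not code from the lab write-up, that parses the shape `nmap -O -oX out.xml` produces and ranks live hosts by open-port count; the XML document, host addresses, ports and OS names are constructed placeholders.

```python
import xml.etree.ElementTree as ET

# Constructed Nmap XML in the shape `nmap -O -oX out.xml` writes; NOT a capture
# from the lab. Hosts, ports and OS names below are placeholders.
NMAP_XML = """<nmaprun>
  <host><status state="up"/><address addr="192.168.100.103" addrtype="ipv4"/>
    <ports><extraports state="closed" count="991"/>
      <port protocol="tcp" portid="7"><state state="open"/><service name="echo"/></port>
      <port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
    </ports>
    <os><osmatch name="Linux 2.6.X" accuracy="95"/></os>
  </host>
  <host><status state="up"/><address addr="192.168.100.106" addrtype="ipv4"/>
    <ports><extraports state="closed" count="980"/>
      <port protocol="tcp" portid="21"><state state="open"/><service name="ftp"/></port>
      <port protocol="tcp" portid="23"><state state="open"/><service name="telnet"/></port>
      <port protocol="tcp" portid="110"><state state="open"/><service name="pop3"/></port>
    </ports>
    <os><osmatch name="Microsoft Windows XP SP2" accuracy="90"/></os>
  </host>
  <host><status state="down"/><address addr="192.168.100.107" addrtype="ipv4"/></host>
</nmaprun>"""


def summarize_hosts(xml_text):
    """Per live host: open (port, service) pairs, closed-port count and OS guess."""
    summary = {}
    for host in ET.fromstring(xml_text).findall("host"):
        if host.find("status").get("state") != "up":
            continue  # what a ping sweep filters out: hosts that never answered
        ip = host.find("address").get("addr")
        open_ports = [
            (int(p.get("portid")), p.find("service").get("name"))
            for p in host.findall("ports/port")
            if p.find("state").get("state") == "open"
        ]
        extra = host.find("ports/extraports")  # Nmap collapses same-state ports here
        match = host.find("os/osmatch")        # best fingerprint match from nmap-os-db
        summary[ip] = {
            "open": open_ports,
            "closed": int(extra.get("count")) if extra is not None else 0,
            "os": match.get("name") if match is not None else "unknown",
        }
    return summary


def rank_by_exposure(summary):
    """IPs from fewest to most open ports: the lab's 'most secure' to 'least secure'."""
    return sorted(summary, key=lambda ip: len(summary[ip]["open"]))
```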
4. Several uses of Nmap:
Nmap can be used in many different ways. It can tell you the device type, for example which kind of routers or printers are present, and the type of operating system; this is how a hacker can figure out what tool to use to exploit a vulnerability.
Nmap can show which hosts are up and running. This can be done with a ping sweep: the hosts that respond are the ones that are up.
Stealth scanning is also an option. Some hackers may not want the target to know that it is being scanned, and in stealth scanning the TCP three-way handshake is never completed.
5. The feature of Nmap that I find the most useful:
I found ping sweeping the most useful, because it tells you which networks are up and connected. This is most important because you don't want to attack a host that is not connected.
6. The feature of Nmap that I find the most difficult to use:
I found OS fingerprinting the most difficult because it has to be combined with a port scan to be effective. This adds one more element, which makes it more difficult.
7. A command that I consider important:
nmap -sW, -sT, -sA, -sM is a group of commands that finds the most commonly used TCP ports.
This is important because knowing the most commonly used TCP ports can prepare a hacker to try and breach that port using known vulnerabilities for those ports. This actually makes the job easier.
Part B
[Nessus screenshots: IP address list; Executive Summary, continued over several pages]
1. The operating systems that are running on the different hosts are:
Microsoft Windows XP Service Pack 2
Microsoft Windows XP Service Pack 3
Linux Kernel
2. What web server (if any) is running on each computer?
A Microsoft web server is running.
3. Several services running on each computer:
smb
msrdp
ntp
www
telnet
ftp
4. The hosts that had the highest and the lowest number of vulnerabilities are:
192.168.100.103 had the highest number
192.168.100.105 had the lowest number
5. Here I identify one high-severity vulnerability for each computer, describe the vulnerability and discuss a control to minimize the risk from it:
Plugin 52717 reported multiple vulnerabilities: the remote web server uses a version of PHP that is affected by multiple vulnerabilities.
Plugin 42411 - Microsoft SMB shares unprivileged access: it is possible to access a network share.
The control to minimize this risk is to restrict access under Windows by going to each share, right-clicking and configuring "Sharing" and "Permissions". (Microsoft, 2009)
Plugin 53503 - MS11-020: Vulnerability in SMB server could allow remote code execution. It is possible to execute arbitrary code on the remote Windows host due to flaws in its SMB implementation.
The control to minimize this risk is a security update; Microsoft recommends that the patch is applied immediately. (Microsoft, 2009)
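Items 4 and 5 above (which host has the most findings, and the highest-severity finding plus its fix per host) are the triage a Nessus export supports directly. Here is an added Python example, not part of the lab write-up, that parses a `.nessus` (NessusClientData_v2) report; the document is constructed, plugin IDs 53503 and 42411 are the ones discussed above, and the 9990x plugin IDs, ports and solution text are placeholders.

```python
import xml.etree.ElementTree as ET
# Constructed .nessus (NessusClientData_v2) export, NOT the lab's real report.
# Plugin IDs 53503 and 42411 are the ones discussed in the write-up; the 9990x
# IDs, hosts, ports and solution text are placeholders.
NESSUS_XML = """<NessusClientData_v2><Report name="lab">
  <ReportHost name="192.168.100.103">
    <ReportItem port="445" protocol="tcp" svc_name="cifs" severity="3" pluginID="53503"
                pluginName="MS11-020: Vulnerability in SMB Server Could Allow Remote Code Execution">
      <solution>Apply the Microsoft security update.</solution></ReportItem>
    <ReportItem port="445" protocol="tcp" svc_name="cifs" severity="2" pluginID="42411"
                pluginName="Microsoft Windows SMB Shares Unprivileged Access">
      <solution>Restrict the share permissions.</solution></ReportItem>
    <ReportItem port="80" protocol="tcp" svc_name="www" severity="0" pluginID="99901"
                pluginName="Placeholder web server banner"/>
  </ReportHost>
  <ReportHost name="192.168.100.105">
    <ReportItem port="123" protocol="udp" svc_name="ntp" severity="0" pluginID="99902"
                pluginName="Placeholder NTP detection"/>
  </ReportHost>
</Report></NessusClientData_v2>"""

# Nessus severity attribute: 0 = info ... 4 = critical
SEVERITY = {0: "info", 1: "low", 2: "medium", 3: "high", 4: "critical"}

def vuln_counts(xml_text, min_severity=1):
    """Findings per host at or above min_severity; severity-0 (info) rows are excluded."""
    counts = {}
    for host in ET.fromstring(xml_text).iter("ReportHost"):
        counts[host.get("name")] = sum(
            1 for item in host.findall("ReportItem")
            if int(item.get("severity")) >= min_severity)
    return counts

def worst_finding(xml_text):
    """Highest-severity finding per host, with plugin id and the fix Nessus suggests."""
    worst = {}
    for host in ET.fromstring(xml_text).iter("ReportHost"):
        items = host.findall("ReportItem")
        if not items:
            continue
        top = max(items, key=lambda item: int(item.get("severity")))
        solution = top.find("solution")
        worst[host.get("name")] = {
            "plugin": top.get("pluginID"),
            "name": top.get("pluginName"),
            "severity": SEVERITY[int(top.get("severity"))],
            "solution": solution.text if solution is not None else "",
        }
    return worst
```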
6. Various uses of Nessus:
Nessus is a vulnerability scanner that checks the areas an outside hacker would face when trying to infiltrate a network.
Nessus can be used to find misconfigurations in systems. It can find missing patches that need to be applied.
Nessus can also send out an alert if vulnerabilities are discovered during a scan.
7. The feature of Nessus that I find the most useful is:
I find the pie chart and the section that shows the highest-severity problems, listed in the Executive Summary, the most useful. This is the most useful because you want to know where a hacker can break in or easily exploit, and this shows it.
8. The differences between using Nessus and Nmap:
Nmap is used mainly for host detection and port discovery, while Nessus scans ports to find open ports and then checks them for security vulnerabilities.
References:
Microsoft. (2009, January 13). Microsoft Security Bulletin MS09-001 - Critical. Retrieved from http://technet.microsoft.com/en-us/security/bulletin/MS09-001