
Hands-On Ethical Hacking and Network Defense

Hands-On Ethical Hacking and Network Defense. Chapter 5 Port Scanning. Objectives. Describe port scanning Describe different types of port scans Describe various port-scanning tools Explain what ping sweeps are used for Explain how shell scripting is used to automate security tasks.


Presentation Transcript


  1. Hands-On Ethical Hacking and Network Defense Chapter 5 Port Scanning

  2. Objectives
     • Describe port scanning
     • Describe different types of port scans
     • Describe various port-scanning tools
     • Explain what ping sweeps are used for
     • Explain how shell scripting is used to automate security tasks

  3. Introduction to Port Scanning
     • Port scanning
       • Finds out which services are offered by a host
       • Identifies vulnerabilities
     • Open services can be used in attacks
       • Identify a vulnerable port
       • Launch an exploit
     • Scan all ports when testing
       • Not just well-known ports

  4. [Figure slide: screenshot only; no text to transcribe]

  5. Introduction to Port Scanning (continued)
     • Port-scanning programs report
       • Open ports
       • Closed ports
       • Filtered ports
       • Best-guess assessment of which OS is running

  6. Types of Port Scans
     • SYN scan
       • Stealthy scan
     • Connect scan
       • Completes the three-way handshake
     • NULL scan
       • All packet flags are turned off
     • XMAS scan
       • FIN, PSH and URG flags are set

  7. Types of Port Scans (continued)
     • ACK scan
       • Used to get past a firewall
     • FIN scan
       • Closed port responds with an RST packet
     • UDP scan
       • Closed port responds with an ICMP “Port Unreachable” message

  8. Using Port-Scanning Tools
     • Nmap
     • Unicornscan
     • NetScanTools Pro 2004
     • Nessus

  9. Nmap
     • Originally written for Phrack magazine
     • One of the most popular tools
     • GUI version
       • Xnmap
     • Open source tool
     • Standard tool for security professionals

  10. [Figure slide: screenshot only; no text to transcribe]

  11. Unicornscan
     • Developed in 2004
     • Ideal for large networks
     • Scans 65,535 ports in three to seven seconds
     • Handles port scanning using
       • TCP
       • ICMP
       • IP
     • Optimizes UDP scanning

  12. NetScanTools Pro 2004
     • Robust, easy-to-use commercial tool
     • Supported OSs
       • *NIX
       • Windows
     • Types of tests
       • Database vulnerabilities
       • E-mail account vulnerabilities
       • DHCP server discovery
       • IP packets and name servers
       • OS fingerprinting

  13. [Figure slide: screenshot only; no text to transcribe]

  14. [Figure slide: screenshot only; no text to transcribe]

  15. Nessus
     • First released in 1998
     • Open source tool
     • Uses a client/server technology
     • Conducts testing from different locations
     • Can use different OSs for client and network

  16. Nessus (continued)
     • Server
       • Any *NIX platform
     • Client
       • Can be UNIX or Windows
     • Functions much like a database server
       • Ability to update security-check plug-ins
     • Scripts
       • Some plug-ins are considered dangerous

  17. [Figure slide: screenshot only; no text to transcribe]

  18. Nessus (continued)
     • Finds services running on ports
     • Finds vulnerabilities associated with identified services

  19. [Figure slide: screenshot only; no text to transcribe]

  20. Conducting Ping Sweeps
     • Ping sweeps
       • Identify which IP addresses belong to active hosts
       • Ping a range of IP addresses
     • Problems
       • Computers that are shut down cannot respond
       • Networks may be configured to block ICMP Echo Requests
       • Firewalls may filter out ICMP traffic

  21. FPing
     • Pings multiple IP addresses simultaneously
     • www.fping.com/download
     • Command-line tool
     • Input: multiple IP addresses
       • Entered at a shell
         • -g option
       • Input file with addresses
         • -f option

  22. [Figure slide: screenshot only; no text to transcribe]

  23. [Figure slide: screenshot only; no text to transcribe]

  24. Hping
     • Used to bypass filtering devices
     • Allows users to fragment and manipulate IP packets
     • www.hping.org/download
     • Powerful tool
       • All security testers must be familiar with this tool
     • Supports many parameters (command options)

  25. [Figure slide: screenshot only; no text to transcribe]

  26. [Figure slide: screenshot only; no text to transcribe]

  27. [Figure slide: screenshot only; no text to transcribe]

  28. Crafting IP Packets
     • Packet components
       • Source IP address
       • Destination IP address
       • Flags
     • Crafting packets helps you obtain more information about a service
     • Tools
       • Fping
       • Hping

  29. Understanding Shell Scripting
     • Modify tools to better suit your needs
     • Script
       • Computer program that automates tasks
       • Time-saving solution

  30. Scripting Basics
     • Similar to DOS batch programming
     • Script or batch file
       • Text file
       • Contains multiple commands
     • Repetitive commands are good candidates for scripting
     • Practice is the key
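Added example, not part of the slide deck and not code from any tool it names: a short POSIX shell script that ties slides 6 and 7 (the flag combinations each scan type sends) to slides 29 and 30 (a text file of repeated commands that automates a task) from the defender's side. It classifies the TCP flag set of each logged probe into the scan types the slides list (SYN, NULL, XMAS, FIN, ACK), then summarizes constructed packet-filter log lines per source address, marking sources that touch many distinct ports or send flag sets no normal client uses. The log format, the addresses, the port list and the threshold of 5 are all constructed for this example.

```shell
#!/bin/sh
# Added example (not from the slide deck): classify TCP probes by flag set into the
# scan types named on the slides and summarize constructed log lines per source.

# classify_flags FLAGS
#   FLAGS is a comma-separated list of set TCP flags ("SYN", "FIN,PSH,URG", ...)
#   or NONE. Prints one label: NULL, XMAS, FIN, SYN, ACK or OTHER.
classify_flags() {
    f=",$1,"                      # pad so each flag matches as a whole token
    has() { case "$f" in *",$1,"*) return 0 ;; *) return 1 ;; esac; }
    if [ -z "$1" ] || [ "$1" = NONE ]; then
        echo NULL                 # no flags at all: NULL scan
    elif has FIN && has PSH && has URG && ! has SYN && ! has ACK && ! has RST; then
        echo XMAS                 # FIN, PSH and URG "lit up": XMAS scan
    elif has FIN && ! has SYN && ! has ACK && ! has PSH && ! has URG && ! has RST; then
        echo FIN                  # lone FIN with no connection behind it: FIN scan
    elif has SYN && ! has ACK; then
        echo SYN                  # first packet of a SYN scan, a connect scan or a normal client
    elif has ACK && ! has SYN && ! has FIN && ! has PSH && ! has RST; then
        echo ACK                  # bare ACK with no connection behind it: ACK scan (firewall probe)
    else
        echo OTHER                # SYN/ACK, data segments, resets: ordinary traffic
    fi
}

# sample_log: constructed packet-filter lines for this example (not real output).
# Fields: src=<address> dpt=<destination port> flags=<comma-separated flags or NONE>
sample_log() {
cat <<'EOF'
src=10.0.0.5 dpt=22 flags=SYN
src=10.0.0.5 dpt=25 flags=SYN
src=10.0.0.5 dpt=80 flags=SYN
src=10.0.0.5 dpt=443 flags=SYN
src=10.0.0.5 dpt=8080 flags=SYN
src=10.0.0.9 dpt=22 flags=FIN,PSH,URG
src=10.0.0.9 dpt=23 flags=NONE
src=10.0.0.9 dpt=80 flags=FIN
src=10.0.0.9 dpt=443 flags=ACK
src=192.168.1.20 dpt=443 flags=SYN
src=192.168.1.20 dpt=443 flags=ACK
EOF
}

# summarize_log [THRESHOLD]
#   Reads log lines on stdin and prints one line per source:
#   <src> distinct_ports=<n> types=<labels in order first seen> verdict=<suspect|ok>
#   A source is "suspect" when it touched THRESHOLD (default 5) or more distinct
#   ports, or sent any NULL/XMAS/FIN probe (combinations no normal client sends).
summarize_log() {
    while read -r line; do
        src=${line#src=};  src=${src%% *}
        dpt=${line#*dpt=}; dpt=${dpt%% *}
        flags=${line#*flags=}
        echo "$src $dpt $(classify_flags "$flags")"
    done | awk -v thr="${1:-5}" '
        {
            if (!(($1, $2) in seenport)) { seenport[$1, $2] = 1; nports[$1]++ }
            if (!(($1, $3) in seentype)) {
                seentype[$1, $3] = 1
                types[$1] = (types[$1] == "" ? $3 : types[$1] "," $3)
            }
        }
        END {
            for (s in nports) {
                verdict = (nports[s] >= thr || types[s] ~ /NULL|XMAS|FIN/) ? "suspect" : "ok"
                printf "%s distinct_ports=%d types=%s verdict=%s\n", s, nports[s], types[s], verdict
            }
        }' | sort
}

# Run over the constructed log when the script is executed directly.
sample_log | summarize_log 5
```

Save it as a text file, run it with sh, and it reports 10.0.0.5 (five distinct ports with plain SYNs) and 10.0.0.9 (XMAS, NULL, FIN and bare-ACK probes) as suspect, while 192.168.1.20 (one port, SYN then ACK, i.e. an ordinary handshake) is ok. One limitation worth noticing: a single SYN cannot be told apart from the opening of a connect scan or of a legitimate connection; the difference the slides describe (a connect scan completes the three-way handshake, a SYN scan does not) only shows up when you look at what follows the SYN.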

  31. [Figure slide: screenshot only; no text to transcribe]

  32. [Figure slide: screenshot only; no text to transcribe]

  33. Summary
     • Port scanning
       • Also referred to as service scanning
       • Process of scanning a range of IP addresses
       • Determines what services are running
     • Port scan types
       • SYN
       • ACK
       • FIN
       • UDP
       • Others: Connect, NULL, XMAS

  34. Summary (continued)
     • Port-scanning tools
       • Nmap
       • Nessus
       • Unicornscan
     • Ping sweeps
       • Determine which computers are “alive”
     • Shell scripting
       • Helps with automating tasks
