1 / 25

Network Security

Network Security. Footprint & Scan. Content. What is Footprinting? Relationship between Ports and Services Several Scan Techniques Firewall and IDS (Intrusion Detection System) Operating System Detection. Footprinting. 개인정보. 게시판. ID. 개인정보. 개인정보. ID. 게시판. ID. 개인정보. Ports. FTP.

arden-young
Download Presentation

Network Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Network Security Footprint & Scan

  2. Content • What is Footprinting? • Relationship between Ports and Services • Several Scan Techniques • Firewall and IDS (Intrusion Detection System) • Operating System Detection Footprinting & Scan

  3. Footprinting 개인정보 게시판 ID 개인정보 개인정보 ID 게시판 ID 개인정보 Footprinting & Scan

  4. Ports FTP Applications TFTP Telnet 20 POP3 23 SMTP 25 53 RPC DNS 80 161 HTTP IMAP SNMP Daemon: 서비스가 요청되었을 때, 이에 반응할 수 있도록 항상 실행되어 있는 프로그램 Footprinting & Scan

  5. Let’s Practice • Telnet 동작시키기 • Windows: [내컴퓨터] – [관리] – [서비스] Footprinting & Scan

  6. Footprinting & Scan

  7. Footprinting & Scan

  8. Disable = no 로 변경 telnet service 접속 telnet service 시작 Footprinting & Scan

  9. Scan • What’s Scan? • 서비스를 제공하는 서버의 작동 여부와 그 서버가 제공하고 있는 서비스를 확인하는 것. • 종류 • Ping과 ICMP Scan • Echo Request & Reply • Timestamp Request & Reply • Information Request & Reply • ICMP Address Mask Request & Reply • TCP와 UDP를 이용한 Scan • UDP Scan • TCP Open Scan • TCP Half Open Scan • Stealth Scan Footprinting & Scan

  10. Ping과 ICMP Scan 1 1 2 4 3 2 3 4 5 5 6 6 • Echo Request & Reply 1: ICMP 패킷의 길이 2: ICMP Echo Reply 패킷의 크기 3: Echo Request 패킷이 보내진 뒤 Reply 패킷을 받기까지의 시간 4: TTL 값 5: Request 패킷의 개수와 Reply 패킷의 개수, 손실된 패킷의 갯수 6: Request 패킷을 보낸 후 Reply 패킷이 오기까지의 시간 정보 Footprinting & Scan

  11. 운영체제별 ICMP 패킷 지원 여부 Footprinting & Scan

  12. TCP & UDP Scan • UDP Scan 공격대상 공격자 공격대상 UDC Packet UDC Packet ICMP Unreachable Packet Footprinting & Scan

  13. TCP Open Scan 공격대상 공격자 공격대상 SYN RST + ACK SYN SYN + ACK ACK 113 ort TCP 접속 생성 Ident Query 전송 Ident Scan Username/UID 정보 Open Ident Scan: 세션을 확립한 상태에서 원격지 서버에서 데몬을 실행하고 있는 프로세스의 소유자를 확인 Footprinting & Scan

  14. TCP Half Open Scan 공격대상 공격자 공격대상 SYN RST + ACK SYN SYN + ACK RST Footprinting & Scan

  15. Stealth Scan 공격대상 공격자 공격대상 FIN, NULL, XMAS Packets FIN, NULL, XMAS Packets RST Packet ACK Packet TTL: on OS, window size: 0 ACK Packet TTL: < 64, window size: !0 10 bytes of TCP The other 10 bytes of TCP Footprinting & Scan

  16. IDS (Intrusion Detection System) 회피 • 짧은 시간 동안 많은 패킷을 전송 • 방화벽과 IDS의 처리 용량 한계를 넘김 • 긴 시간 동안에 걸쳐서 패킷 전송 • 방화벽과 IDS가 패턴에 대한 정보를 얻기 힘듦 Footprinting & Scan

  17. Let’s Practice • Installing fping Footprinting & Scan

  18. Results of fping Footprinting & Scan

  19. Installing sing Footprinting & Scan

  20. Results of sing Footprinting & Scan

  21. Installing nmap Footprinting & Scan

  22. Footprinting & Scan

  23. Footprinting & Scan

  24. Detection of Operation System • Banner Grabbing • 원격지 시스템에서 로그인하면 보이는 안내문 • TCP/IP 프로토콜의 반응 • FIN Scan 적용 유무 • Session 연결 시 TCP 패킷의 시퀀스 넘버 생성 • Windows • 시간에 따른 시퀀스 넘버 • Linux • 완전한 랜덤 • FreeBSD, Digital-Unix, IRIX, Solaris • 시간에 따른 랜던한 증분 Footprinting & Scan

  25. Banner Grabbing Footprinting & Scan

More Related