
Scanning


zeke






  1. Scanning Determining if the system is alive IP Scanning Port Scanning War Dialing

  2. PING Sweeps
  • PING sends an ICMP Echo Request (type 8) and waits for an Echo Reply (type 0); a reply shows the system is alive. No reply does not prove it is dead: the host or a firewall in the path may simply drop ICMP.
  • Type 0 Echo Reply
  • Type 3 Destination Unreachable
  • Type 4 Source Quench
  • Type 8 Echo Request
  • Type 11 Time Exceeded
  • Type 13 Timestamp Request (the Timestamp Reply is type 14)
  • Type 15 Information Request
  • Type 16 Information Reply
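Added example, not part of the original slides: a small ICMP encoder/decoder in Python that builds the Echo Request a ping sweep sends, checks the RFC 1071 checksum on what comes back, and applies the slide's rule that only a type 0 reply (matching the id/sequence we sent) counts as proof of life. It works on constructed byte strings, so it runs without raw sockets or privileges; the id, sequence and payload values are arbitrary.

```python
import struct

# ICMP type numbers as listed on the slide (RFC 792). Note that 13 is the
# Timestamp *request*; the Timestamp Reply is type 14.
ICMP_TYPES = {
    0: "Echo Reply",
    3: "Destination Unreachable",
    4: "Source Quench",
    8: "Echo Request",
    11: "Time Exceeded",
    13: "Timestamp Request",
    14: "Timestamp Reply",
    15: "Information Request",
    16: "Information Reply",
}


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's-complement sum of 16-bit words, complemented."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                      # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_icmp(icmp_type: int, code: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Serialise an ICMP message with the checksum filled in."""
    header = struct.pack("!BBHHH", icmp_type, code, 0, ident, seq)
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, code, csum, ident, seq) + payload


def build_echo_request(ident: int, seq: int, payload: bytes = b"ping") -> bytes:
    """What `ping` sends: type 8, code 0. Values are arbitrary constructed test data."""
    return build_icmp(8, 0, ident, seq, payload)


def parse_icmp(packet: bytes) -> dict:
    """Decode the 8-byte ICMP header and verify the checksum over the whole message.

    A message whose checksum is correct sums (checksum field included) to 0xFFFF,
    so recomputing the checksum over it yields 0. The id/seq words are only
    meaningful for echo, timestamp and information messages; for types 3, 4 and
    11 those bytes are unused or carry other data."""
    if len(packet) < 8:
        raise ValueError("ICMP message shorter than 8 bytes")
    icmp_type, code, csum, ident, seq = struct.unpack("!BBHHH", packet[:8])
    return {
        "type": icmp_type,
        "code": code,
        "name": ICMP_TYPES.get(icmp_type, "Unknown"),
        "id": ident,
        "seq": seq,
        "payload": packet[8:],
        "checksum_ok": icmp_checksum(packet) == 0,
    }


def host_is_alive(reply: dict, sent_id: int, sent_seq: int) -> bool:
    """Only a valid Echo Reply matching our id/seq is evidence of life.
    A type 3 from a router, or a reply with a bad checksum, is not."""
    return (reply["checksum_ok"] and reply["type"] == 0
            and reply["id"] == sent_id and reply["seq"] == sent_seq)
```

To use this on a live network you would write `build_echo_request(...)` to a raw ICMP socket (which needs root) and feed each received datagram, minus its IP header, to `parse_icmp`.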

  3. FPING
  • fping, for Unix systems, can read a file listing the IP addresses (or a range) to sweep; -a prints only the hosts that answer
  • fping -a -f in.txt

  4. NMAP
  • nmap -sP 192.168.1.0/24 (ping sweep of the whole /24; current Nmap releases call this option -sn)
  • www.insecure.org/nmap

  5. Superscan for Windows • www.foundstone.com

  6. Port Scanning • Determining what services are running or listening by connecting to TCP and UDP ports

  7. Scan Types
  • TCP Connect (full three-way handshake: SYN, SYN/ACK, ACK; the target logs it like any other connection)
  • TCP SYN (half-open scan: SYN/ACK means listening, RST/ACK means not listening; the scanner never sends the final ACK, so no connection is completed)
  • TCP FIN (Unix targets: a closed port replies RST, an open port stays silent; Windows stacks reply RST regardless of port state)
  • TCP Xmas tree (FIN, URG and PUSH set; a closed port replies RST)
  • TCP Null (no flags set; a closed port replies RST)
  • TCP ACK (maps firewall rule sets; tells stateful from stateless packet filters)
  • TCP Window (like the ACK scan, but uses the window size in the RST to tell open from closed ports)
  • TCP RPC (Unix; identifies RPC services and their program numbers)
  • UDP (connectionless; a closed port returns an ICMP port unreachable, silence means open or filtered)
  • Three-way handshake diagram: Client sends SYN to Server, Server answers SYN/ACK, Client completes with ACK
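Added example, not part of the original slides: the decision logic behind the scan types above, in Python. It parses the flag bits out of a raw 20-byte TCP header and infers the port state for each probe type from what came back, including the two cases the slide does not spell out: no response at all (ambiguous for FIN/NULL/Xmas and UDP, "filtered" for the others) and an ICMP Destination Unreachable arriving instead of a reply. The ICMP code set and the window-size rule follow Nmap's documented behaviour; `build_tcp_header` is a helper written for this example to construct replies, not a real scanner's output.

```python
import struct
from typing import Optional

# TCP flag bits: the low six bits of the 13th/14th header bytes (RFC 793).
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

# ICMP type 3 codes that signal a filter rather than a closed port. For a UDP probe
# code 3 (port unreachable) is the "closed" answer; for a TCP probe any of these means filtered.
UNREACHABLE_FILTERING = {1, 2, 3, 9, 10, 13}


def build_tcp_header(sport: int, dport: int, flags: int, window: int = 0,
                     seq: int = 0, ack: int = 0) -> bytes:
    """Minimal 20-byte TCP header (data offset 5, no options), used to construct replies."""
    offset_flags = (5 << 12) | (flags & 0x3F)
    return struct.pack("!HHIIHHHH", sport, dport, seq, ack, offset_flags, window, 0, 0)


def tcp_flags(segment: bytes) -> int:
    if len(segment) < 20:
        raise ValueError("TCP header shorter than 20 bytes")
    return struct.unpack("!H", segment[12:14])[0] & 0x3F


def tcp_window(segment: bytes) -> int:
    return struct.unpack("!H", segment[14:16])[0]


def classify(scan: str, reply: Optional[bytes] = None, icmp_code: Optional[int] = None) -> str:
    """Port state inferred from the response to one probe.

    reply      raw TCP header (or UDP payload for a UDP scan); None if nothing came back
    icmp_code  code of an ICMP type 3 (Destination Unreachable) received instead of a reply
    """
    scan = scan.lower()
    if icmp_code is not None:
        if scan == "udp" and icmp_code == 3:
            return "closed"                 # port unreachable: the slide's UDP closed-port signal
        return "filtered" if icmp_code in UNREACHABLE_FILTERING else "unknown"
    if scan == "udp":
        return "open" if reply else "open|filtered"   # silence is ambiguous for UDP
    if reply is None:
        # FIN/NULL/Xmas depend on open ports staying silent, so no answer is ambiguous;
        # for the other scans no answer means a filter dropped the probe.
        return "open|filtered" if scan in ("fin", "null", "xmas") else "filtered"
    flags = tcp_flags(reply)
    if scan in ("syn", "connect"):
        if flags & SYN and flags & ACK:
            return "open"                   # SYN/ACK: listening
        return "closed" if flags & RST else "unknown"   # RST/ACK: not listening
    if scan in ("fin", "null", "xmas"):
        return "closed" if flags & RST else "unknown"
    if scan == "ack":
        return "unfiltered" if flags & RST else "unknown"   # a RST got through: no stateful filter
    if scan == "window":
        if flags & RST:
            return "open" if tcp_window(reply) > 0 else "closed"
        return "unknown"
    raise ValueError("unsupported scan type: %s" % scan)
```

The "unknown" results are deliberate: a scanner that maps every unexpected flag combination onto open or closed will be fooled by stacks that deviate from RFC 793, which is exactly why the FIN/Xmas/Null family is marked Unix-only on the slide.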

  8. Netcat
  • nc -v -z -w2 192.168.1.1 1-140 (-z: zero-I/O connect scan, -w2: two-second timeout, -v: report each port)

  9. Nmap
  • Unix based
  • nmap -sS 192.168.1.1 (SYN scan; needs raw-socket privileges, i.e. root)

  10. Port Scanners
  • Unix: Strobe, tcp_scan, Nmap, Netcat
  • Windows: Netcat, SuperScan, WinScan, ipEye, WUPS, ScanLine

  11. Banner Grabbing
  • Banner grabbing is the act of connecting to a network-available service or application and reading what it announces about itself (product and version)
  • Ports 135, 139, 445 open: generally denotes a Windows system
  • Ports 512-514 open: Unix 'r' commands (rexec, rlogin, rsh)

  12. Banner Grabbing
  • nmap -O 192.168.1.10 (OS fingerprinting from TCP/IP stack behaviour, reported alongside the port table)
  • Port   State   Protocol   Service
  • 21     open    tcp        ftp
  • We could also capture traffic with a packet filter and grab the same information from what passes by!
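Added example, not part of the original slides, covering the port-scanning slides (6, 8 and 9) and banner grabbing (11 and 12) together: a TCP connect scanner in Python that completes the full handshake, reads the service's opening banner, and applies the slide's port-to-OS rule of thumb. Because a real scan needs a target, the block starts its own constructed listener on 127.0.0.1 that answers with an FTP-style "220" greeting; the banner text, host name and ports are made up for the demo, and `pick_closed_port` obtains a port nothing is listening on so that the RST (closed) path is exercised as well.

```python
import socket
import threading
from concurrent.futures import ThreadPoolExecutor
from typing import Dict, Iterable, Tuple


def start_banner_server(banner: bytes, host: str = "127.0.0.1") -> Tuple[socket.socket, int]:
    """Constructed target: listens on an ephemeral port and greets every client with `banner`."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))
    srv.listen(5)
    port = srv.getsockname()[1]

    def serve() -> None:
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:            # listening socket closed: stop serving
                return
            with conn:
                conn.sendall(banner)

    threading.Thread(target=serve, daemon=True).start()
    return srv, port


def pick_closed_port(host: str = "127.0.0.1") -> int:
    """Ask the OS for a free port and release it, so a connect() there is refused (RST)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind((host, 0))
        return s.getsockname()[1]


def connect_scan_port(host: str, port: int, timeout: float = 0.5) -> Tuple[int, str, bytes]:
    """Connect scan of one port: connect() only returns after SYN, SYN/ACK, ACK.
    Then read whatever the service says first (FTP, SMTP and SSH all speak first)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
        except ConnectionRefusedError:      # RST/ACK: nothing listening
            return port, "closed", b""
        except (socket.timeout, OSError):   # no answer: dropped by a filter
            return port, "filtered", b""
        try:
            banner = s.recv(256)
        except (socket.timeout, OSError):   # open, but the service waits for the client to talk first
            banner = b""
        return port, "open", banner


def connect_scan(host: str, ports: Iterable[int], timeout: float = 0.5,
                 workers: int = 32) -> Dict[int, Tuple[str, bytes]]:
    """Scan many ports in parallel; result is port -> (state, banner)."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = pool.map(lambda p: connect_scan_port(host, p, timeout), ports)
        return {port: (state, banner) for port, state, banner in results}


def guess_os(open_ports: Iterable[int]) -> str:
    """The slide's rule of thumb, applied to the set of open ports."""
    open_ports = set(open_ports)
    if open_ports & {135, 139, 445}:
        return "Windows (SMB/RPC ports)"
    if open_ports & {512, 513, 514}:
        return "Unix (r-services)"
    return "unknown"


def demo() -> dict:
    """Scan the constructed local banner server plus one port known to be closed."""
    srv, open_port = start_banner_server(b"220 ftp.example.test FTP server ready\r\n")
    closed_port = pick_closed_port()
    try:
        results = connect_scan("127.0.0.1", [open_port, closed_port])
    finally:
        srv.close()
    return {"open_port": open_port, "closed_port": closed_port, "results": results}
```

A connect scan is the noisiest option on the slide: every open port ends up in the target's connection logs, which is also what makes it the easiest scan for the countermeasures later in the deck to catch.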

  13. Banner Grabbing
  • Automated discovery tools give graphical displays of networks; examples are Tkined, Cheops and Scotty

  14. War Dialing
  • Dials ranges of telephone numbers searching for modems that answer, i.e. remote-access connections that bypass the network perimeter

  15. Countermeasures
  • Detect a potential attack early: sweeps and scans are the reconnaissance that precedes an intrusion
  • Use an IDS such as Snort (www.snort.org) or Genius (www.indiesoft.com)
  • Filter ICMP traffic at the firewall: block Echo Request/Reply at the perimeter, but keep the types the network needs, such as Destination Unreachable for path MTU discovery
  • Use ACLs to limit which ports are reachable, and from where
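Added example, not part of the original slides: the kind of counting an IDS does to detect the sweeps and scans from earlier in the deck, in Python. It runs over a constructed connection log (one event per line: timestamp, source, destination, protocol, and destination port or ICMP type; not taken from any real system) and raises a "ping sweep" alert when one source sends Echo Requests to at least five hosts within a minute, and a "port scan" alert when one source probes at least ten distinct host/port pairs in that window. The log format, thresholds and addresses are assumptions made for the example.

```python
from collections import defaultdict, deque
from datetime import datetime
from typing import Dict, Iterable, List, Set


def constructed_log() -> List[str]:
    """Constructed log lines: <ISO timestamp> <src> <dst> <proto> <dst port | ICMP type>."""
    lines = []
    for i, host in enumerate(range(10, 16)):      # 6 echo requests to 6 hosts within 3 seconds: a sweep
        lines.append(f"2024-01-05T10:00:0{i // 2} 10.0.0.5 192.168.1.{host} icmp 8")
    for i, port in enumerate([21, 22, 23, 25, 80, 110, 135, 139, 443, 445, 3389]):
        lines.append(f"2024-01-05T10:00:{10 + i:02d} 10.0.0.5 192.168.1.10 tcp {port}")  # 11 ports, one host
    lines += [                                    # ordinary client behaviour: one port, spread over time
        "2024-01-05T10:00:15 10.0.0.9 192.168.1.10 tcp 443",
        "2024-01-05T10:30:15 10.0.0.9 192.168.1.11 tcp 443",
        "2024-01-05T10:45:00 10.0.0.9 192.168.1.12 icmp 8",
    ]
    return lines


def parse_line(line: str) -> dict:
    ts, src, dst, proto, val = line.split()
    return {"ts": datetime.fromisoformat(ts), "src": src, "dst": dst,
            "proto": proto, "val": int(val)}


def detect(lines: Iterable[str], window_s: int = 60, sweep_hosts: int = 5,
           scan_ports: int = 10) -> Dict[str, Set[str]]:
    """Sliding window per source address.
    >= sweep_hosts distinct Echo Request targets in the window  -> "ping sweep"
    >= scan_ports distinct (host, port) pairs over TCP/UDP      -> "port scan"
    """
    events = sorted((parse_line(l) for l in lines if l.strip()), key=lambda e: e["ts"])
    recent = defaultdict(deque)          # src -> events still inside the window
    alerts: Dict[str, Set[str]] = {}
    for e in events:
        q = recent[e["src"]]
        q.append(e)
        while (e["ts"] - q[0]["ts"]).total_seconds() > window_s:
            q.popleft()                  # expire events older than the window
        echo_targets = {x["dst"] for x in q if x["proto"] == "icmp" and x["val"] == 8}
        pairs = {(x["dst"], x["val"]) for x in q if x["proto"] in ("tcp", "udp")}
        if len(echo_targets) >= sweep_hosts:
            alerts.setdefault(e["src"], set()).add("ping sweep")
        if len(pairs) >= scan_ports:
            alerts.setdefault(e["src"], set()).add("port scan")
    return alerts
```

Counting distinct host/port pairs rather than ports alone also catches a horizontal scan of one port (445, say) across a whole subnet. The thresholds are the tuning knob: too low and ordinary clients trip it, too high and a slow scanner spreading probes over hours slips under the window. Snort's portscan preprocessor does this kind of bookkeeping in production.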

  16. Exercise
  • Download an IP scanner, a port scanner and a network IDS; in groups of three, perform scans and banner grabbing and watch what the network IDS reports
