Footprinting and Scanning - PowerPoint PPT Presentation

PowerPoint Slideshow about 'Footprinting and Scanning' - cargan
Presentation Transcript
Protect from
  • Target acquisition and information gathering
    • footprinting
    • scanning
    • enumeration
  • initial access
  • privilege escalation
  • covering tracks

Footprinting
  • gathering target information
  • profile of security posture
Scope of footprinting
  • Organization, region, location
  • open source search
    • web pages (save the site offline for later study, e.g. with Teleport)
    • multiple search engines (All-in-One, Dogpile)
    • advanced search operators (e.g. Yahoo)
    • publicly traded companies (e.g. SEC EDGAR filings)
    • satellite images of a location, from TerraServer or by downloading Google Earth
  • countermeasures
    • remove unnecessary information from web pages
    • create security policies (see the Site Security Handbook, RFC 2196)
Network enumeration
  • Identify domain names and networks
    • registrar query. On Linux/UNIX run whois "domain". On Windows, download SamSpade, enter a DNS server in the right-hand window and perform the query in the left-hand window.
    • organizational and domain query. Use the dig function of SamSpade to find who is responsible for the domain, the primary (authoritative) DNS server, the other DNS servers, etc.
    • network query. The ARIN database lists the IP blocks assigned to an organization. You can also use the SamSpade IP Block tool.
    • countermeasures: only administrative cleanup is possible (keep the registered contact data generic, e.g. role accounts rather than named individuals), because the information is required for registration.
DNS interrogation
  • Use the SamSpade tool to check DNS.
    • Use the dig tool in SamSpade to obtain the authoritative DNS servers for the organization (it will also return the mail servers, etc., with their IP addresses).
    • A zone transfer (AXFR) asks the authoritative name server of an organization for everything it knows about a domain, i.e. the whole zone. A correctly configured server refuses the request from anyone but its own secondary servers.
    • A mail relay check asks a mail server to relay mail from an outside sender to an outside recipient (it should not relay your message).
    • Countermeasures: block inbound TCP port 53 except from authorized secondary servers (zone transfers run over TCP, while ordinary lookups use UDP 53 and must still be allowed to a public name server). You can also restrict transfers with directives on the DNS server itself (see book). This prevents the zone transfer, but not an attacker looking up each IP address in the range one at a time with nslookup (reverse lookups).
  • Network Reconnaissance
    • traceroute (tracert on Windows) shows the route to the target hop by hop, and so helps map the network topology (identify the routers, filtering devices and other nodes in front of the target).
  • After obtaining a list of networks and IP addresses, scanning starts:
    • ping sweeps (find active machines): use Pinger on Windows and nmap on Linux/UNIX (nmap -sP, called -sn in current versions).
    • TCP port scanning (find open ports on active machines): SYN and connect scans work against most hosts. A connect scan completes the three-way handshake, so the target application sees the connection and may log it; a SYN (half-open) scan sends only the SYN and answers the SYN/ACK with a RST, so the application never sees a connection and the scan is less likely to be logged, although a firewall or IDS that watches packets still sees it. On Windows use SuperScan and on Linux/UNIX use nmap (-sT for connect, -sS for SYN). BUT, attackers use scripted command-line tools, not graphical ones.
    • UDP port scanning: use WUPS on Windows (nmap -sU on Linux/UNIX). A UDP port is judged closed when an ICMP port unreachable comes back and open or filtered when nothing does, so UDP scans are slow and less reliable than TCP scans.
    • countermeasures: detection from the listening side, e.g. with Active Ports (which lists listening ports and the connections to them). Later we will learn to install an IDS (Snort), which detects ping sweeps and port scans. NAT, which hides internal addresses behind a public one, is a first step. Further free/shareware security tools are listed in the course resources.
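To make the connect-versus-SYN point concrete, here is an added example (not part of the slides and not code from any of the tools named above): a TCP connect() scanner in Python run against a local listener that logs every accepted connection, standing in for a target service and its logs. It assumes only the loopback interface and the standard library; the port numbers are whatever the operating system assigns at run time.

```python
"""TCP connect() scan of a few loopback ports, with a listener that logs what it sees.

Added example, not from the slides: everything runs on 127.0.0.1, so no
privileges are needed. The listener stands in for a target service whose
logs show completed connections; the port numbers are whatever the OS hands out.
"""
import socket
import threading
import time
from typing import Dict, Iterable, List, Tuple


def start_logging_listener() -> Tuple[socket.socket, List[str]]:
    """Bind an ephemeral loopback port and record every accepted connection,
    as a service or TCP-wrapper style logger would. Only a completed
    three-way handshake reaches accept(), which is why a connect() scan shows
    up here while a half-open SYN scan is seen only by a packet-level sensor."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))       # port 0: let the OS pick a free port
    srv.listen(5)
    srv.settimeout(0.2)
    log: List[str] = []

    def serve() -> None:
        while True:
            try:
                conn, peer = srv.accept()
            except socket.timeout:
                continue
            except OSError:            # listener socket closed: shut down
                return
            log.append("connection from %s:%d" % peer)
            conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv, log


def connect_scan(host: str, ports: Iterable[int], timeout: float = 0.3) -> Dict[int, str]:
    """Classify ports by attempting a full TCP connect():
         connect succeeds               -> open
         ConnectionRefusedError (RST)   -> closed
         timeout or other socket error  -> filtered (no answer, typically dropped by a filter)
    """
    results: Dict[int, str] = {}
    for port in ports:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            results[port] = "open"
        except ConnectionRefusedError:
            results[port] = "closed"
        except (socket.timeout, OSError):
            results[port] = "filtered"
        finally:
            s.close()
    return results


def demo() -> dict:
    """Scan a small window of ports around the listener and return both sides' view."""
    srv, log = start_logging_listener()
    open_port = srv.getsockname()[1]
    ports = range(max(1, open_port - 2), open_port + 3)
    results = connect_scan("127.0.0.1", ports)
    # Give the listener thread a moment to run accept() and write its log line.
    deadline = time.time() + 2.0
    while not log and time.time() < deadline:
        time.sleep(0.01)
    srv.close()
    return {"open_port": open_port, "results": results, "listener_log": list(log)}


if __name__ == "__main__":
    view = demo()
    for port, state in sorted(view["results"].items()):
        print(f"{port:5d}/tcp {state}")
    print("target saw:", view["listener_log"])
```

The port the listener owns comes back as open, its neighbours (unless some other local process holds them) as closed, and the listener's log shows the scanner's source address and port: that log line is what a connect scan leaves behind. The same scan as a half-open SYN scan needs raw sockets (what nmap -sS does) and would leave this log empty; only a firewall log or an IDS watching packets would record it.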
More in Scanning
  • OS detection (active stack fingerprinting):
    • probe the TCP/IP stack with crafted packets, because the responses (initial TTL, window size, TCP options, handling of unusual flag combinations) vary with the OS. Requires at least one listening port to make the determination. See textbook (pages 69-72) for the types of probe.
    • why is it important? Many attack tools are specific to an OS or network device, so knowing the OS narrows the attack. On Linux/UNIX use nmap with -O. The Netcraft site reports the OS of a host running a web server, without your sending any probes.
    • countermeasures: there is no standard fix, because a reachable listening port must answer; filter the probe packets at the firewall and keep the number of reachable ports small.
  • OS detection (passive signatures):
    • by monitoring the traffic the target sends anyway (for example the TTL, window size and option order of its SYN packets), the operating system can be detected, among other things, without sending a single probe. Siphon is a recent Linux/UNIX tool for this.
    • Once the OS is identified, enumeration can take place (to be seen in the next class meeting).
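As an added example of the passive technique (not from the slides and not Siphon's code), the following Python reads the fields a passive fingerprinter relies on (TTL, DF bit, window size and TCP option order) out of a raw IPv4/TCP SYN and matches them against a signature table. The two sample packets and the signature values are constructed here for illustration and are an assumption, not a real fingerprint database.

```python
"""Passive OS fingerprinting from the first SYN of a connection.

Added example, not from the slides or from Siphon: it reads the fields a
passive fingerprinter looks at (TTL, DF bit, window size, TCP option order)
out of a raw IPv4/TCP SYN and matches them against a small signature table.
The two packets and the signature values are constructed for illustration
and are NOT a real fingerprint database.
"""
import socket
import struct
from typing import Dict, List

OPTION_NAMES = {2: "MSS", 3: "WS", 4: "SACK", 8: "TS"}

# Illustrative signatures (assumption): initial TTL, DF set, window, option order.
SIGNATURES: Dict[str, dict] = {
    "Linux 2.4/2.6 (illustrative)": {"ittl": 64, "df": True, "window": 5840,
                                     "opts": ["MSS", "SACK", "TS", "NOP", "WS"]},
    "Windows XP (illustrative)":    {"ittl": 128, "df": True, "window": 65535,
                                     "opts": ["MSS", "NOP", "NOP", "SACK"]},
}


def parse_tcp_options(raw: bytes) -> List[str]:
    """Return TCP option kinds in wire order (NOPs kept: their placement is part of the signature)."""
    kinds: List[str] = []
    i = 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                      # End of option list
            break
        if kind == 1:                      # NOP has no length byte
            kinds.append("NOP")
            i += 1
            continue
        length = raw[i + 1]
        if length < 2:                     # malformed option: stop rather than loop forever
            break
        kinds.append(OPTION_NAMES.get(kind, f"opt{kind}"))
        i += length
    return kinds


def initial_ttl(observed: int) -> int:
    """Observed TTL = initial TTL minus hops travelled; stacks start at 32, 64, 128 or 255."""
    return next(t for t in (32, 64, 128, 255) if observed <= t)


def parse_syn(pkt: bytes) -> dict:
    """Pull the fingerprint-relevant fields out of an IPv4 packet carrying a TCP SYN."""
    ihl = (pkt[0] & 0x0F) * 4
    flags_frag = struct.unpack("!H", pkt[6:8])[0]
    ttl = pkt[8]
    tcp = pkt[ihl:]
    offset_flags, window = struct.unpack("!HH", tcp[12:16])
    data_offset = (offset_flags >> 12) * 4
    return {
        "ttl": ttl,
        "initial_ttl": initial_ttl(ttl),
        "df": bool(flags_frag & 0x4000),
        "window": window,
        "syn_only": (offset_flags & 0x1FF) == 0x02,
        "options": parse_tcp_options(tcp[20:data_offset]),
    }


def fingerprint(pkt: bytes) -> str:
    """Exact match on TTL class, DF and option order; the window may vary with tuning."""
    f = parse_syn(pkt)
    if not f["syn_only"]:
        return "not a SYN"
    for name, sig in SIGNATURES.items():
        if (sig["ittl"], sig["df"], sig["opts"]) == (f["initial_ttl"], f["df"], f["options"]):
            return name if sig["window"] == f["window"] else name + " (window differs)"
    return "unknown"


def build_syn(ttl: int, df: bool, window: int, options: bytes) -> bytes:
    """Construct a minimal IPv4/TCP SYN for testing (checksums left zero; never sent)."""
    assert len(options) % 4 == 0
    data_offset = 5 + len(options) // 4
    tcp = struct.pack("!HHIIHHHH", 40000, 80, 1, 0, (data_offset << 12) | 0x02, window, 0, 0) + options
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0x1234, 0x4000 if df else 0,
                     ttl, 6, 0, socket.inet_aton("198.51.100.10"), socket.inet_aton("192.0.2.80"))
    return ip + tcp


# Constructed samples: a Linux-like SYN seen 12 hops away, a Windows-like one 10 hops away.
LINUX_OPTS = bytes([2, 4, 0x05, 0xB4, 4, 2, 8, 10]) + bytes(8) + bytes([1, 3, 3, 7])
WINDOWS_OPTS = bytes([2, 4, 0x05, 0xB4, 1, 1, 4, 2])
SAMPLE_LINUX_SYN = build_syn(52, True, 5840, LINUX_OPTS)
SAMPLE_WINDOWS_SYN = build_syn(118, True, 65535, WINDOWS_OPTS)

if __name__ == "__main__":
    for pkt in (SAMPLE_LINUX_SYN, SAMPLE_WINDOWS_SYN):
        print(parse_syn(pkt), "->", fingerprint(pkt))
```

Nothing here is ever transmitted: the target reveals these values in every connection it opens, which is why passive fingerprinting cannot be blocked at the firewall the way active probes can. Real tools carry many more signatures and score partial matches; the structure of the check is the same.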