1 / 10

Network Security

Network Security. Port Scanning and Enumeration (NMAP). Port Scanning. Definition: Probing the ports on a remote machine to gain information Port – a virtual identifier on a system for a particular application/protocol Examples: ftp: port 21 ssh: port 22 telnet: port 23 http: port 80

kezia
Download Presentation

Network Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Network Security Port Scanning and Enumeration (NMAP)

  2. Port Scanning • Definition: Probing the ports on a remote machine to gain information • Port – a virtual identifier on a system for a particular application/protocol • Examples: • ftp: port 21 • ssh: port 22 • telnet: port 23 • http: port 80 • Oracle: port 1521 • Usefulness • Attacker: which ports are open? • Defender: which ports are potential vulnerabilities?

  3. Specific Uses • Find out if system is up • Ping scanning • Find open/vulnerable ports – what services are available? • Port scanning • Operating System identification • TCP/IP fingerprinting • Based on packet TTL, packet size, flags set on SYN/SYN|ACK packets in TCP handshaking

  4. How to use this information • Identify exposed ports/services • Shut down any unneeded services • Famous last words - “I didn’t know X was running on my system” • Ensure that services that are running do not have security vulnerabilities

  5. Issues • Possible problems with usage • Options can flood target machine with packets, potentially affecting it • Ethics • Is it ethical to probe an arbitrary system? • Most say “no” • Identification of probing system • http://www.insecure.org/nmap/idlescan.html

  6. Port Scanning Tools • Unix/Linux • nmap • HPING2 • udp_scan • netcat (nc) • Windows • SuperScan4 • WinScan • ipEye

  7. nmap • One of many software implementations of a port scanner • Open source • Available on Windows and Unix • Supports many hardware options, including some PDAs • Now with GUI front ends • Linux: nmapfe • Windows: nmapwin • http://www.insecure.org

  8. nmap features • Identifies open ports • Options for regular or stealth scanning • Regular scanning – attempt full connection with port; scanned system knows scan is occurring and can identify scanner • Stealth scanning – attempt partial connection with port; scanned system may not know scan is occurring and may not be able to identify scanner • Attempts to identify operating system • Usually correct, but can be fooled

  9. nmap Output Example Starting nmap V. 2.54 (www.insecure.org) Interesting ports on (www.xxx.yyy.zzz) (The xxxx ports scanned but not shown here are in state: closed) Port State Service 22/tcp open ssh 47017/tcp open unknown TCP Sequence Prediction: Class-random positive increments Difficulty=3980866 (Good luck!) Remote operating system guess: Linux 2.1.122 – 2.2.16 Nmap run completed - - 1 IP address (1 host up) scanned in 5 seconds

  10. SuperScan4 • Nice Windows GUI • Many extra options • Information on ports/services in HTML report format

More Related