1 / 26

CITA 352

CITA 352. Chapter 5 Port Scanning. Introduction to Port Scanning. Port Scanning Finds which services are offered by a host Identifies vulnerabilities Open services can be used on attacks Identify vulnerable port and launch exploit Scans all ports when testing Not just well-known ports.

amandla
Download Presentation

CITA 352

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. CITA 352 Chapter 5 Port Scanning

  2. Introduction to Port Scanning • Port Scanning • Finds which services are offered by a host • Identifies vulnerabilities • Open services can be used on attacks • Identify vulnerable port and launch exploit • Scans all ports when testing • Not just well-known ports

  3. Figure 5-1 The AW Security Port Scanner interface

  4. Introduction to Port Scanning (cont’d.) • Port scanning programs report: • Open ports • Closed ports • Filtered ports • Best-guess running OS

  5. Types of Port Scans • SYN scan • Stealthy scan • Connect scan • Completes three-way handshake • NULL scan • Packet flags are turned off • XMAS scan • FIN, PSH and URG flags are set

  6. Types of Port Scans (cont’d.) • ACK scan • Used to get past firewall • FIN scan • Closed port responds with an RST packet • UDP scan • Closed port responds with ICMP “Port Unreachable” message

  7. Using Port-Scanning Tools • Port-scanning tools • Hundreds available • Not all are accurate • Be familiar with a variety • Practice often • Some tools include: • Nmap • Unicornscan • Nessus and OpenVAS

  8. Nmap • Originally written for Phrack magazine • One of the most popular tools • New features frequently added • GUI front end • Zenmap • Standard tool for security professionals • Command: nmap 193.145.85.201 • Scans every port on computer with this IP address

  9. Figure 5-2 The Nmap help screen

  10. Unicornscan • Developed to assist with large network tests • Ideal for large-scale endeavors • Scans 65,535 ports in three to seven seconds • Handles port scanning using: • TCP • ICMP • IP • Optimizes UDP scanning

  11. Nessus and OpenVAS • Nessus • First released in 1998 • No longer under GPL license • Still available for download • OpenVAS • Open-source fork of Nessus • Performs complex queries while client interfaces with server • Capable of updating security check plug-ins • Security test programs (scripts)

  12. Figure 5-3 OpenVAS with a safe checks warning

  13. Figure 5-4 OpenVAS discovers a vulnerability

  14. Conducting Ping Sweeps • Ping sweeps • Identify which IP addresses belong to active hosts • Ping a range of IP addresses • Problems • Shut down computers cannot respond • Networks may be configured to block ICMP Echo Requests • Firewalls may filter out ICMP traffic

  15. FPing • Ping multiple IP addresses simultaneously • Accepts a range of IP addresses • Entered at a command prompt • File containing multiple IP addresses • Input file • Usually created with shell-scripting language

  16. Figure 5-5 Fping parameters

  17. Figure 5-6 Results of an Fping command

  18. Hping • Used to: • Perform ping sweeps • Bypass filtering devices • Allows users to inject modified IP packets • Powerful tool • All security testers must be familiar with tool • Supports many parameters

  19. Figure 5-7 Hping help, page 1

  20. Figure 5-8 Hping help, page 2

  21. Figure 5-9 Hping help, page 3

  22. Crafting IP Packets • Packet components • Source IP address • Destination IP address • Flags • Helps obtain information about a service • Tools: • Hping • Fping

  23. Understanding Scripting • Modify tools to better suit your needs • Customized scripts • Automates tasks • Time saving • Requires basic programming skills

  24. Scripting Basics • Similar to DOS batch programming • Script or batch file • Text file • Contains multiple commands • Repetitive commands • Good candidate for scripting • Practice is the key

  25. Table 5-1 Summary of vi commands

  26. Figure 5-10 A shell script

More Related