Hands-On Ethical Hacking and Network Defense, Second Edition
Chapter 5 Port Scanning
Objectives
• After reading this chapter and completing the exercises, you will be able to:
  • Describe port scanning and types of port scans
  • Describe port-scanning tools
  • Explain what ping sweeps are used for
  • Explain how shell scripting is used to automate security tasks
Hands-On Ethical Hacking and Network Defense, Second Edition
Introduction to Port Scanning
• Port scanning
  • Finds which services are offered by a host
  • Identifies vulnerabilities
  • Open services can be used in attacks
    • Identify a vulnerable port and launch an exploit
  • Scans all ports when testing
    • Not just well-known ports

Figure 5-1 The AW Security Port Scanner interface

Introduction to Port Scanning (cont’d.)
• Port-scanning programs report:
  • Open ports
  • Closed ports
  • Filtered ports
  • Best-guess running OS
Types of Port Scans
• SYN scan
  • Stealthy scan
• Connect scan
  • Completes the three-way handshake
• NULL scan
  • All packet flags are turned off
• XMAS scan
  • FIN, PSH, and URG flags are set

Types of Port Scans (cont’d.)
• ACK scan
  • Used to get past a firewall
• FIN scan
  • Closed port responds with an RST packet
• UDP scan
  • Closed port responds with an ICMP “Port Unreachable” message
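Each scan type above is defined by the TCP flags its probe carries, and those flags are exactly what a defender sees in firewall or IDS logs. The shell script below is an added example, not code from the textbook: it classifies a probe by its flag combination using the rules on these two slides, then counts how many distinct destination ports each source has probed in a constructed log. The log format (SRC=, DST=, DPT= and FLAGS= fields, with the set flags written as the letters S, A, F, P, U, R in any order) is an assumption made for this example and not any real tool's output.

```shell
#!/bin/sh
# Added example (not from the textbook): classify probe packets by TCP flags,
# following the scan-type definitions on the slides, and count distinct ports
# probed per source so a defender can spot a scan in a log.
# Log format is constructed for this example: fields SRC= DST= DPT= FLAGS=,
# where FLAGS holds the set flags as letters S A F P U R (any order, may be empty).

# canon_flags FLAGS -> the same letters in a fixed order (S A F P U R) for matching
canon_flags() {
    c=""
    for l in S A F P U R; do
        case "$1" in *"$l"*) c="$c$l" ;; esac
    done
    printf '%s\n' "$c"
}

# classify_flags FLAGS -> the scan type the probe matches
classify_flags() {
    case "$(canon_flags "$1")" in
        "")  echo NULL ;;   # no flags at all: NULL scan probe
        FPU) echo XMAS ;;   # FIN+PSH+URG: XMAS scan probe
        F)   echo FIN ;;    # FIN only: FIN scan probe
        S)   echo SYN ;;    # SYN only: SYN scan, or the first packet of a connect scan
        A)   echo ACK ;;    # ACK only: ACK scan used to map firewall rules
        *)   echo OTHER ;;  # e.g. SA or R: replies and ordinary traffic
    esac
}

# scan_report < log -> lines "SRC TYPE N": N distinct destination ports
# probed from SRC with probe type TYPE (duplicate probes of one port count once)
scan_report() {
    while read -r line; do
        src=""; dpt=""; flags=""
        for field in $line; do
            case "$field" in
                SRC=*)   src=${field#SRC=} ;;
                DPT=*)   dpt=${field#DPT=} ;;
                FLAGS=*) flags=${field#FLAGS=} ;;
            esac
        done
        [ -n "$src" ] || continue
        printf '%s %s %s\n' "$src" "$(classify_flags "$flags")" "$dpt"
    done | sort -u | awk '{ n[$1 " " $2]++ } END { for (k in n) print k, n[k] }' | sort
}

# Constructed sample log: 10.0.0.5 SYN-probes three ports (one repeated),
# 10.0.0.7 sends one XMAS and one NULL probe, 10.0.0.9 is a normal SYN/ACK reply.
SAMPLE_LOG='2024-03-01T09:00:01 SRC=10.0.0.5 DST=10.0.0.10 DPT=22 FLAGS=S
2024-03-01T09:00:01 SRC=10.0.0.5 DST=10.0.0.10 DPT=80 FLAGS=S
2024-03-01T09:00:01 SRC=10.0.0.5 DST=10.0.0.10 DPT=443 FLAGS=S
2024-03-01T09:00:02 SRC=10.0.0.5 DST=10.0.0.10 DPT=22 FLAGS=S
2024-03-01T09:00:05 SRC=10.0.0.7 DST=10.0.0.10 DPT=22 FLAGS=UPF
2024-03-01T09:00:05 SRC=10.0.0.7 DST=10.0.0.10 DPT=25 FLAGS=
2024-03-01T09:00:09 SRC=10.0.0.9 DST=10.0.0.10 DPT=443 FLAGS=SA'

# Usage: printf '%s\n' "$SAMPLE_LOG" | scan_report
```

Run on the sample, the report lists 10.0.0.5 with three SYN-probed ports and 10.0.0.7 with one XMAS and one NULL probe, while the SYN/ACK from 10.0.0.9 is ordinary traffic. A source touching many distinct ports with a single probe type is the pattern worth investigating; note that a SYN probe alone cannot tell a SYN scan from a connect scan, since the difference is whether the handshake is completed afterwards.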
Using Port-Scanning Tools
• Port-scanning tools
  • Hundreds available
  • Not all are accurate
  • Be familiar with a variety
  • Practice often
• Some tools include:
  • Nmap
  • Unicornscan
  • Nessus and OpenVAS

Nmap
• Originally written for Phrack magazine
• One of the most popular tools
  • New features frequently added
• GUI front end
  • Zenmap
• Standard tool for security professionals
• Command: nmap 193.145.85.201
  • Scans every port on the computer with this IP address

Figure 5-2 The Nmap help screen

Unicornscan
• Developed to assist with large network tests
  • Ideal for large-scale endeavors
• Scans 65,535 ports in three to seven seconds
• Handles port scanning using:
  • TCP
  • ICMP
  • IP
• Optimizes UDP scanning

Nessus and OpenVAS
• Nessus
  • First released in 1998
  • No longer under GPL license
  • Still available for download
• OpenVAS
  • Open-source fork of Nessus
  • Performs complex queries while the client interfaces with the server
  • Capable of updating security check plug-ins
    • Security test programs (scripts)

Figure 5-3 OpenVAS with a safe checks warning

Figure 5-4 OpenVAS discovers a vulnerability
Conducting Ping Sweeps
• Ping sweeps
  • Identify which IP addresses belong to active hosts
  • Ping a range of IP addresses
• Problems
  • Shut-down computers cannot respond
  • Networks may be configured to block ICMP Echo Requests
  • Firewalls may filter out ICMP traffic

FPing
• Pings multiple IP addresses simultaneously
• Accepts a range of IP addresses
  • Entered at a command prompt
• File containing multiple IP addresses
  • Input file
  • Usually created with a shell-scripting language

Figure 5-5 Fping parameters

Figure 5-6 Results of an Fping command
Hping
• Used to:
  • Perform ping sweeps
  • Bypass filtering devices
• Allows users to inject modified IP packets
• Powerful tool
  • All security testers must be familiar with this tool
• Supports many parameters

Figure 5-7 Hping help, page 1

Figure 5-8 Hping help, page 2

Figure 5-9 Hping help, page 3

Crafting IP Packets
• Packet components
  • Source IP address
  • Destination IP address
  • Flags
• Helps obtain information about a service
• Tools:
  • Hping
  • Fping
Understanding Scripting
• Modify tools to better suit your needs
• Customized scripts
  • Automate tasks
  • Time saving
• Requires basic programming skills

Scripting Basics
• Similar to DOS batch programming
• Script or batch file
  • Text file
  • Contains multiple commands
• Repetitive commands
  • Good candidate for scripting
• Practice is the key
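The FPing slide says the input file of addresses is usually produced with a shell script, and this slide says repetitive commands are the natural candidates for scripting. The script below is an added example written for this page, not the textbook's own script (Figure 5-10 shows that one): it generates the address list fping expects, filters fping's "is alive" output lines, and compares the live hosts against an asset inventory so that unexpected live hosts on a subnet stand out. The inventory file and the fping output in the script are constructed samples; the fping command in the comment is an assumption about how the sweep would be run on a real network.

```shell
#!/bin/sh
# Added example (not the textbook's script): automate the ping-sweep workflow
# from the FPing and Scripting Basics slides. gen_range writes the input file
# fping expects, and unknown_hosts compares the hosts fping reported as alive
# with an asset inventory so unexpected live hosts stand out.

# gen_range PREFIX FIRST LAST -> one address per line, e.g. gen_range 10.0.0 1 254
gen_range() {
    i=$2
    while [ "$i" -le "$3" ]; do
        printf '%s.%s\n' "$1" "$i"
        i=$((i + 1))
    done
}

# live_hosts < fping-output -> addresses on lines of the form "ADDR is alive"
# (fping's per-host output; "ADDR is unreachable" lines are dropped)
live_hosts() {
    awk '$2 == "is" && $3 == "alive" { print $1 }'
}

# unknown_hosts INVENTORY < fping-output -> live addresses not listed in INVENTORY
# INVENTORY holds one known address per line (a constructed file in this example)
unknown_hosts() {
    live_hosts | sort -u | awk 'FILENAME == ARGV[1] { known[$1] = 1; next } !($1 in known)' "$1" -
}

# Constructed sample of fping output; on a real network the sweep would be
# produced with something like (assumption, not run here):
#   gen_range 10.0.0 1 254 > hosts.txt
#   fping -f hosts.txt > sweep.txt 2>&1
SAMPLE_SWEEP='10.0.0.1 is alive
10.0.0.2 is unreachable
10.0.0.5 is alive
10.0.0.9 is alive'

# demo: 10.0.0.1 and 10.0.0.5 are in the inventory, so only 10.0.0.9 is reported
demo() {
    inv=$(mktemp)
    printf '10.0.0.1\n10.0.0.5\n' > "$inv"
    printf '%s\n' "$SAMPLE_SWEEP" | unknown_hosts "$inv"
    rm -f "$inv"
}
```

Each piece is a small function so the same script can be reused for other subnets or other inventories without editing the commands by hand, which is the point of the scripting slides. The awk comparison is keyed on FILENAME rather than the common NR==FNR idiom so that an empty inventory file still works correctly (every live host is then reported as unknown).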
Table 5-1 Summary of vi commands

Figure 5-10 A shell script
Summary
• Port scanning (i.e., service scanning)
  • Scanning a range of IP addresses
  • Determines running services
• Port scan types
  • SYN
  • ACK
  • FIN

Summary (cont’d.)
• Port-scanning tools
  • Nmap
  • Nessus
  • OpenVAS
  • Unicornscan
• Ping sweeps
  • Determine which computers are “live”
• Scripts
  • Automate time-consuming tasks