Hands-On Ethical Hacking and Network Defense, 3rd Edition
Chapter 5 Port Scanning

Objectives
After completing this chapter, you will be able to:
• Describe port scanning and types of port scans
• Describe port-scanning tools
• Explain what ping sweeps are used for
• Explain how shell scripting is used to automate security tasks
Introduction to Port Scanning
• Port scanning
  – Method of finding which services are offered by a host
  – Identifies vulnerabilities
• Open services can be used in attacks
  – Identify a vulnerable port and launch an exploit
• Scans all ports when testing
  – Not just well-known ports
Introduction to Port Scanning (figure-only slide)
Introduction to Port Scanning
• Port-scanning programs report:
  – Open ports
    • Allow access to applications and can be vulnerable to attack
  – Closed ports
    • Don't allow entry or access to a service
  – Filtered ports
    • Might indicate that a firewall is being used to allow only specified traffic into or out of the network
Types of Port Scans
• SYN scan
  – Stealthy scan
• Connect scan
  – Completes the three-way handshake
• NULL scan
  – All packet flags are turned off
• XMAS scan
  – FIN, PSH, and URG flags are set
Types of Port Scans
• ACK scan
  – Used to get past a firewall
• FIN scan
  – Closed port responds with an RST packet
• UDP scan
  – Closed port responds with an ICMP "Port Unreachable" message
Using Port-Scanning Tools
• Port-scanning tools
  – Hundreds available
  – Not all are accurate
• Be familiar with a variety of tools
• Practice often to gain proficiency
  – Do not use one tool exclusively
• Some tools include:
  – Nmap
  – Nessus and OpenVAS
Nmap
• Originally written for Phrack magazine
  – One of the most popular port-scanning tools
  – New features frequently added
• GUI front end
  – Zenmap
  – Makes working with complex options easier
• Standard tool for security professionals
  – Command: nmap 193.145.85.201
    • Scans every port on the computer with this IP address
Nmap (two figure-only slides)
Nessus and OpenVAS (or Greenbone Security Assistant)
• Nessus
  – First released in 1998
  – No longer under the GPL license
    • Still available for download from Tenable Network Security Corporation for noncommercial personal use
Nessus and OpenVAS (or Greenbone Security Assistant)
• OpenVAS
  – Open-source fork of Nessus in 2005
  – Now branded as Greenbone Security Assistant
  – Capable of updating security check plug-ins
    • Security test programs (scripts)
  – Performs complex queries while the client interfaces with the server
  – Can also determine what vulnerabilities are associated with services
Nessus and OpenVAS (or Greenbone Security Assistant) (two figure-only slides)
Conducting Ping Sweeps
• Ping sweeps
  – Identify which IP addresses belong to active hosts
• Ping a range of IP addresses to see what type of response is returned
• Problems
  – Shut-down computers cannot respond
  – Networks may be configured to block ICMP Echo Requests
  – Firewalls may filter out ICMP traffic
Fping
• With the Fping tool you can ping multiple IP addresses simultaneously
  – Included in Kali Linux
• Accepts a range of IP addresses
  – Entered at a command prompt
  – From a file containing multiple IP addresses
• Input file
  – Usually created with a shell-scripting language so you don't need to type the thousands of IP addresses needed for a ping sweep
Fping (figure-only slide)
Fping
• To ping sweep a range of IP addresses without using an input file, use the command:
  – fping -g BeginningIPaddress EndingIPaddress
  – The -g parameter is used when no input file is available
  – Example:
    • The command fping -g 192.168.185.1 192.168.185.5 returns the results shown in Figure 5-6
Fping (figure-only slide)
Hping
• Used to:
  – Perform ping sweeps
  – Bypass filtering devices
• Allows users to inject modified IP packets
• Powerful tool
  – All security testers must be familiar with the tool
  – Supports many parameters
Hping (three figure-only slides)
Crafting IP Packets
• Packet components
  – Source IP address
  – Destination IP address
  – Flags
• Helps obtain information about a service
• Tools:
  – Hping
  – Fping
Understanding Scripting
• Some tools might need to be modified to better suit your needs as a security tester
• Customized scripts
  – Automate tasks
  – Save time
  – Require basic programming skills
Scripting Basics
• Similar to DOS batch programming
• A script or batch file
  – Text file
  – Contains multiple commands that would be entered manually at the command prompt
• If you find that you are using repetitive commands to perform the same task
  – That task is a good candidate for scripting
• Practice is the key
Scripting Basics (two figure-only slides)
Summary
• Footprinting
  – Gathering network information with Web tools
• Competitive intelligence
  – Gathered through observation and Web tools
• IP addresses and domain names
  – Found by using tools (e.g., SamSpade)
• Cookies and Web bugs
  – Collect and retrieve user's information
• Zone transfers
  – Used to obtain network topologies

Summary
• Social engineering
  – Attacks using human nature
• Many methods
  – Educate personnel
• Attacker techniques
  – Shoulder surfing
  – Dumpster diving
  – Piggybacking
  – Phishing