Scribd
Upload
53 views31 pages

Hands-On Ethical Hacking and Network Defense, 3rd Edition: Port Scanning

Uploaded by

Siddhartha Bikram Karki
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
53 views31 pages

Hands-On Ethical Hacking and Network Defense, 3rd Edition: Port Scanning

Uploaded by

Siddhartha Bikram Karki
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PPTX, PDF, TXT or read online on Scribd
You are on page 1/ 31

Hands-On Ethical Hacking

and Network Defense, 3rd


Edition

Chapter 5
Port Scanning
Objectives

After completing this chapter, you will be able to:


•Describe port scanning and types of port scans
•Describe port-scanning tools
•Explain what ping sweeps are used for
•Explain how shell scripting is used to automate
security tasks

Hands-On Ethical Hacking and Network Defense, 3rd 2


Edition
Introduction to Port Scanning
• Port Scanning
– Method of finding which services are offered by a
host
– Identifies vulnerabilities
• Open services can be used on attacks
– Identify vulnerable port and launch exploit
• Scans all ports when testing
– Not just well-known ports

Hands-On Ethical Hacking and Network Defense, 3rd 3


Edition
Introduction to Port Scanning

Hands-On Ethical Hacking and Network Defense, 3rd 4


Edition
Introduction to Port Scanning
• Port scanning programs report:
– Open ports
• Allows access to applications and can be vulnerable
to attack
– Closed ports
• Doesn’t allow entry or access to a service
– Filtered ports
• Might indicate that a firewall is being used to allows
specified traffic into or out of the network

Hands-On Ethical Hacking and Network Defense, 3rd 5


Edition
Types of Port Scans
• SYN scan
– Stealthy scan
• Connect scan
– Completes three-way handshake
• NULL scan
– Packet flags are turned off
• XMAS scan
– FIN, PSH and URG flags are set

Hands-On Ethical Hacking and Network Defense, 3rd 6


Edition
Types of Port Scans
• ACK scan
– Used to get past firewall
• FIN scan
– Closed port responds with an RST packet
• UDP scan
– Closed port responds with ICMP “Port Unreachable”
message

Hands-On Ethical Hacking and Network Defense, 3rd 7


Edition
Using Port-Scanning Tools
• Port-scanning tools
– Hundreds available
– Not all are accurate
• Be familiar with a variety of tools
• Practice often to gain proficiency
– Do not use one tool exclusively
• Some tools include:
– Nmap
– Nessus and OpenVAS

Hands-On Ethical Hacking and Network Defense, 3rd 8


Edition
Nmap
• Originally written for Phrack magazine
– One of the most popular port scanning tools
– New features frequently added
• GUI front end
– Zenmap
– Makes working with complex options easier
• Standard tool for security professionals
– Command: nmap 193.145.85.201
• Scans every port on computer with this IP address

Hands-On Ethical Hacking and Network Defense, 3rd 9


Edition
Nmap

Hands-On Ethical Hacking and Network Defense, 3rd 10


Edition
Nmap

Hands-On Ethical Hacking and Network Defense, 3rd 11


Edition
Nessus and OpenVAS (or Greenbone
Security Assistant)
• Nessus
– First released in 1998
– No longer under GPL license
• Still available for download from Tenable Network
Security Corporation for noncommercial personal use

Hands-On Ethical Hacking and Network Defense, 3rd 12


Edition
Nessus and OpenVAS (or Greenbone
Security Assistant)
• OpenVAS
– Open-source fork of Nessus in 2005
– Now branded as Greenbone Security Assistant
– Capable of updating security check plug-ins
• Security test programs (scripts)
– Performs complex queries while client interfaces with
server
– Can also determine what vulnerabilities are
associated with services

Hands-On Ethical Hacking and Network Defense, 3rd 13


Edition
Nessus and OpenVAS (or Greenbone
Security Assistant)

Hands-On Ethical Hacking and Network Defense, 3rd 14


Edition
Nessus and OpenVAS (or Greenbone
Security Assistant)

Hands-On Ethical Hacking and Network Defense, 3rd 15


Edition
Conducting Ping Sweeps
• Ping sweeps
– Identify which IP addresses belong to active hosts
• Ping a range of IP addresses to see what type of
response is returned
• Problems
– Shut down computers cannot respond
– Networks may be configured to block ICMP Echo
Requests
– Firewalls may filter out ICMP traffic

Hands-On Ethical Hacking and Network Defense, 3rd 16


Edition
Fping
• With the Fping tool you can ping multiple IP
addresses simultaneously
– Included on the Kali Linux
• Accepts a range of IP addresses
– Entered at a command prompt
– File containing multiple IP addresses
• Input file
– Usually created with a shell-scripting language so
you don’t need to type thousands of IP addresses
needed for a ping sweep

Hands-On Ethical Hacking and Network Defense, 3rd 17


Edition
Fping

Hands-On Ethical Hacking and Network Defense, 3rd 18


Edition
Fping
• To ping sweep a range of IP addresses without
using an input file, use the command:
– fping –g BeginningIPaddress
EndingIPaddress
– The –g parameter is used when no input file is
available
– Example:
• fping –g 192.168.185.1 192.168.185.5
command returns the results shown on Figure 5-6

Hands-On Ethical Hacking and Network Defense, 3rd 19


Edition
Fping

Hands-On Ethical Hacking and Network Defense, 3rd 20


Edition
Hping
• Used to:
– Perform ping sweeps
– Bypass filtering devices
• Allows users to inject modified IP packets
• Powerful tool
– All security testers must be familiar with tool
– Supports many parameters

Hands-On Ethical Hacking and Network Defense, 3rd 21


Edition
Hping

Hands-On Ethical Hacking and Network Defense, 3rd 22


Edition
Hping

Hands-On Ethical Hacking and Network Defense, 3rd 23


Edition
Hping

Hands-On Ethical Hacking and Network Defense, 3rd 24


Edition
Crafting IP Packets
• Packet components
– Source IP address
– Destination IP address
– Flags
• Helps obtain information about a service
• Tools:
– Hping
– Fping

Hands-On Ethical Hacking and Network Defense, 3rd 25


Edition
Understanding Scripting
• Some tools might need to be modified to better suit
your needs as a security tester
• Customized scripts
– Automates tasks
– Time saving
– Requires basic programming skills

Hands-On Ethical Hacking and Network Defense, 3rd 26


Edition
Scripting Basics
• Similar to DOS batch programming
• A script or batch file
– Text file
– Contains multiple commands that would be entered
manually at the command prompt
• If you find that you are using repetitive commands
to perform the same task
– That task is a good candidate for scripting
• Practice is the key

Hands-On Ethical Hacking and Network Defense, 3rd 27


Edition
Scripting Basics

Hands-On Ethical Hacking and Network Defense, 3rd 28


Edition
Scripting Basics

Hands-On Ethical Hacking and Network Defense, 3rd 29


Edition
Summary
• Footprinting
– Gathering network information with Web tools
• Competitive intelligence
– Gathered through observation and Web tools
• IP addresses and domain names
– Found by using tools (e.g., SamSpade)
• Cookies and Web bugs
– Collect and retrieve user’s information
• Zone transfers
– Used to obtain network topologies
Hands-On Ethical Hacking and Network Defense, 3rd 30
Edition
Summary
• Social engineering
– Attacks using human nature
• Many methods
– Educate personnel
• Attacker techniques
– Shoulder surfing
– Dumpster diving
– Piggybacking
– Phishing

Hands-On Ethical Hacking and Network Defense, 3rd 31


Edition

You might also like