Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Computer Networks

11-1 scanning

advertisement 
Network Security
Port Scanning and Enumeration
(NMAP)
Port Scanning
Definition: Probing the ports on a remote
machine to gain information


Port – a virtual identifier on a system for a particular
application/protocol
Examples:
ftp: port 21
ssh: port 22
telnet: port 23
http: port 80
Oracle: port 1521
Usefulness


Attacker: which ports are open?
Defender: which ports are potential vulnerabilities?
Specific Uses
Find out if system is up

Ping scanning
Find open/vulnerable ports – what services are
available?

Port scanning
Operating System identification


TCP/IP fingerprinting
Based on packet TTL, packet size, flags set on
SYN/SYN|ACK packets in TCP handshaking
How to use this information
Identify exposed ports/services
Shut down any unneeded services

Famous last words - “I didn’t know X was
running on my system”
Ensure that services that are running do
not have security vulnerabilities
Issues
Possible problems with usage

Options can flood target machine with packets,
potentially affecting it
Ethics

Is it ethical to probe an arbitrary system?
Most say “no”
Identification of probing system

http://www.insecure.org/nmap/idlescan.html
Port Scanning Tools
Unix/Linux




nmap
HPING2
udp_scan
netcat (nc)
Windows



SuperScan4
WinScan
ipEye
nmap
One of many software implementations of
a port scanner
Open source
Available on Windows and Unix
Supports many hardware options,
including some PDAs
Now with GUI front ends


Linux: nmapfe
Windows: nmapwin
http://www.insecure.org
nmap features
Identifies open ports

Options for regular or stealth scanning
Regular scanning – attempt full connection with
port; scanned system knows scan is occurring and
can identify scanner
Stealth scanning – attempt partial connection with
port; scanned system may not know scan is
occurring and may not be able to identify scanner
Attempts to identify operating system

Usually correct, but can be fooled
nmap Output Example
Starting nmap V. 2.54 (www.insecure.org)
Interesting ports on (www.xxx.yyy.zzz)
(The xxxx ports scanned but not shown here are in state:
closed)
Port
State Service
22/tcp
open ssh
47017/tcp open unknown
TCP Sequence Prediction: Class-random positive increments
Difficulty=3980866 (Good luck!)
Remote operating system guess: Linux 2.1.122 – 2.2.16
Nmap run completed - - 1 IP address (1 host up) scanned in
5 seconds
SuperScan4
Nice Windows GUI
Many extra options
Information on ports/services in HTML
report format
Related documents
Old MIDTERM EXAM for 154
Old MIDTERM EXAM for 154
Across 2. HTTP 4. TCP 10. ports used for specific applications like
Across 2. HTTP 4. TCP 10. ports used for specific applications like
Chapter 3
Chapter 3
port - Welcome to nob.cs.ucdavis.edu!
port - Welcome to nob.cs.ucdavis.edu!
Microsoft Word - AgendaWeb
Microsoft Word - AgendaWeb
Resetting COM PORT NUMBER ASSIGNMENTS - Probe-TEC
Resetting COM PORT NUMBER ASSIGNMENTS - Probe-TEC
event_21-109-1-52204d890def1
event_21-109-1-52204d890def1
choose one Well-Known TCP Port Numbers
choose one Well-Known TCP Port Numbers
inclusiveness.ctb
inclusiveness.ctb
Appsec nmap slides
Appsec nmap slides
ECCouncil 312-50v11 - Q 1- 50
ECCouncil 312-50v11 - Q 1- 50
Product Review - WordPress.com
Product Review - WordPress.com
Download
advertisement