NMAP - PowerPoint PPT Presentation

Slides: 9
Provided by: anamaria8

Transcript and Presenter's Notes

Title: NMAP


1
NMAP
  • ANA MARIA CHANABA
  • ROBERT HUYLO

2
HOW TO HIDE IP ADDRESS
  • Decoy scanning can be used to effectively confuse
    the intended target.
  • The scanner sends spoofed packets with fake
    source addresses alongside packets from its real
    address, making it harder for the target to find
    out exactly who is scanning it.
  • nmap -sS -D (IP addresses of multiple hosts)
  • nmap sends four packets, each from a different
    source address.

3
DECOYS
  • What is the point of sending four TCP SYN
    packets?
  • The reason is to hide the real IP address in a
    mass of foreign addresses, making it more
    difficult to detect the real attacker.
  • Another thing to note: the more decoys, the
    slower the scan.

4
DECOY
  • The decoy addresses will receive either RST or
    ICMP Port Unreachable packets if the port is
    closed, and SYN/ACK packets if the port is open.
  • When the host name is specified, the real IP will
    show up on the DNS server of the decoy.
  • This technique requires an attacker to send some
    packets to the target from her real IP address.
    Idle scan, on the other hand, does not send any
    packets to the target from the attacker's real
    address.

5
DECOY: NMAP AND SNORT, TWO SIDES OF THE SAME COIN
  • Nmap is a port scanner, which can search a target
    computer for open ports, and thus for potential
    security loopholes.
  • Snort's task is to counteract nmap. Snort is a
    daemon which scans through a network for suspect
    packets and logs them.
  • The real IP might set off more warnings in Snort
    than the decoys.
  • The real attacker's IP in a decoy scan always
    shows up first in the Snort alert log.

6
IPS SHOW UP IN A SNORT LOG
  • SENT (0.0060s) ICMP 192.168.0.4 > 192.168.0.3 Echo request (type=8/code=0) ttl=42 id=2717 iplen=28
    SENT (0.0070s) ICMP 192.168.0.7 > 192.168.0.3 Echo request (type=8/code=0) ttl=58 id=27663 iplen=28
    SENT (0.0070s) ICMP 192.168.0.1 > 192.168.0.3 Echo request (type=8/code=0) ttl=41 id=3618 iplen=28
    RCVD (0.0070s) ICMP 192.168.0.3 > 192.168.0.4 Echo reply (type=0/code=0) ttl=64 id=37318 iplen=28
  • [**] [1:469:1] ICMP PING NMAP [**]
    [Classification: Attempted Information Leak] [Priority: 2]
    07/23-18:46:13.256183 192.168.0.4 -> 192.168.0.3
    ICMP TTL:42 TOS:0x0 ID:2717 IpLen:20 DgmLen:28
    Type:8 Code:0 ID:53476 Seq:52818 ECHO
    [Xref => http://www.whitehats.com/info/IDS162]

    [**] [1:469:1] ICMP PING NMAP [**]
    [Classification: Attempted Information Leak] [Priority: 2]
    07/23-18:46:13.256190 192.168.0.7 -> 192.168.0.3
    ICMP TTL:58 TOS:0x0 ID:27663 IpLen:20 DgmLen:28
    Type:8 Code:0 ID:53476 Seq:52818 ECHO
    [Xref => http://www.whitehats.com/info/IDS162]
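
A defender-side reading of the two alerts on this slide, as an added example that is not part of the original presentation: both alerts carry the same ICMP ID and Seq from different source addresses within microseconds, so grouping Snort alerts on (destination, ICMP ID, Seq) pulls the whole decoy set together. The alert layout is assumed to be Snort's full-alert text format with its punctuation restored, the function names are hypothetical, and the third alert (192.168.0.9) is constructed.

```python
import re
from collections import defaultdict

# Two alerts taken from the slide (Snort punctuation restored, an assumption)
# plus one constructed, unrelated ping from 192.168.0.9 that must NOT be
# grouped with them.
SAMPLE_ALERTS = """\
[**] [1:469:1] ICMP PING NMAP [**]
[Classification: Attempted Information Leak] [Priority: 2]
07/23-18:46:13.256183 192.168.0.4 -> 192.168.0.3
ICMP TTL:42 TOS:0x0 ID:2717 IpLen:20 DgmLen:28
Type:8 Code:0 ID:53476 Seq:52818 ECHO

[**] [1:469:1] ICMP PING NMAP [**]
[Classification: Attempted Information Leak] [Priority: 2]
07/23-18:46:13.256190 192.168.0.7 -> 192.168.0.3
ICMP TTL:58 TOS:0x0 ID:27663 IpLen:20 DgmLen:28
Type:8 Code:0 ID:53476 Seq:52818 ECHO

[**] [1:469:1] ICMP PING NMAP [**]
[Classification: Attempted Information Leak] [Priority: 2]
07/23-18:50:02.000100 192.168.0.9 -> 192.168.0.3
ICMP TTL:64 TOS:0x0 ID:4100 IpLen:20 DgmLen:28
Type:8 Code:0 ID:1201 Seq:7 ECHO
"""

ADDR = re.compile(r"^(\d\d/\d\d-[\d:.]+) (\S+) -> (\S+)$", re.M)
ECHO = re.compile(r"^Type:8\s+Code:0\s+ID:(\d+)\s+Seq:(\d+)", re.M)

def parse_alerts(text):
    """Yield (timestamp, src, dst, icmp_id, seq) for each echo-request alert."""
    for block in re.split(r"\n\s*\n", text.strip()):
        addr, echo = ADDR.search(block), ECHO.search(block)
        if addr and echo:
            yield (*addr.groups(), int(echo.group(1)), int(echo.group(2)))

def decoy_candidates(text, min_sources=2):
    """Group alerts by (dst, ICMP id, seq); keep groups seen from several sources."""
    groups = defaultdict(list)
    for ts, src, dst, icmp_id, seq in parse_alerts(text):
        groups[(dst, icmp_id, seq)].append((ts, src))
    return {key: sorted(hits) for key, hits in groups.items()
            if len({src for _, src in hits}) >= min_sources}

if __name__ == "__main__":
    for (dst, icmp_id, seq), hits in decoy_candidates(SAMPLE_ALERTS).items():
        print(f"{dst}: ICMP id={icmp_id} seq={seq} from {len(hits)} sources")
        for ts, src in hits:
            print(f"  {ts}  {src}")
```

The grouping identifies the set of addresses involved in one probe; it does not by itself say which of them is the real scanner.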

7
-sI Idlescan
  • Completely blind scanning
  • - no packets are sent to target from machine
    running nmap
  • Uses another host (zombie), to bounce packets
    to target
  • Can reveal IP-based trust relationships
