Ethical Hacking - PowerPoint PPT Presentation

Provided by: nebr4

1
Ethical Hacking
  • Phase III
  • Scanning

2
Module Objective
  • Detecting live systems on target network.
  • Discovering services running/ listening on target
    systems.
  • Understanding port scanning techniques.
  • Identifying TCP and UDP services running on
    target network.
  • Discovering the operating system
  • Understanding active and passive fingerprinting.
  • Automated discovery tools.

3
Detecting Live Systems On Target Network
  • Why?
  • To determine the perimeter of the target network
    /system
  • To facilitate network mapping
  • To build an inventory of accessible systems on
    target network
  • Tools
  • Ping utilities
  • Nmap (we'll see it soon)
  • Hping (apt-get install hping3).

4
Ping
  • Ping sends out an ICMP Echo Request packet and
    awaits an ICMP Echo Reply message from an active
    machine.
  • Alternatively, TCP/UDP packets are sent if
    incoming ICMP messages are blocked.
  • Ping helps in assessing network traffic by time
    stamping each packet.
  • Ping can also be used for resolving host names.
  • Tools include ping, Pinger, hping (ping sweeps),
    nmap.

5
Ping
  • ping options in Linux
  • -c 4: number of packets sent.
  • -i 0.01: time between two packets (only root may
    use an interval < 0.2 s).
  • -t 200: TTL (by default 64 in the request).
  • DoS: ping of death.
  • LAB 2: Monitoring ping using Ethereal.
  • ARP resolution
  • ICMP
  • request / reply

6
Tool: Pinger
7
Detecting Ping Sweeps
  • Attention: pings are always blocked...
  • and detected.
  • Ping sweep detection utilities include:
  • Network-based IDS (www.snort.org)

8
Discovering services running/listening on target systems
  • Why?
  • To determine live hosts in the event of ICMP
    requests being blocked by host.
  • To identify potential ports for furthering the
    attack.
  • To understand specific applications / versions of
    a service.
  • To discover operating system details.
  • Tools
  • Port Scanners

9
TCP three-way handshake
10
Understanding Port Scanning Techniques
  • Port Scanning is one of the most popular
    reconnaissance techniques used by hackers to
    discover services that can be compromised.
  • A potential target computer runs many 'services'
    that listen at well-known 'ports'.
  • By scanning which ports are available on the
    victim, the hacker finds potential
    vulnerabilities that can be exploited.
  • Scan techniques can be differentiated broadly
    into Vanilla, Strobe, Stealth, FTP Bounce,
    Fragmented Packets, Sweep and UDP Scans.

11
Port Scanning Techniques
  • Port Scanning Techniques can be broadly
    classified into
  • Open scan
  • Half-open scan
  • Stealth scan
  • Sweeps
  • Misc

12
Active Stack Fingerprinting
  • Fingerprinting is done to determine the remote OS
  • Allows attacker to leave smaller footprint and
    have greater chance to succeed
  • Based on the fact that various OS vendors
    implement the TCP stack differently

13
Tool: Nmap (Network Mapper)
The tool Nmap and nmapfe (GUI)
Visit the website http://insecure.org/nmap
14
Scanning types
  • TCP connect (-sT): we try to create a connection
    using the system call connect().
  • It is the normal call that we do in an
    application.
  • Very easy to detect (syslog records that no data
    are sent after connect).
  • TCP SYN (-sS)
  • We send a packet with its SYN flag up; the other
    host sends a SYN/ACK packet and, instead of
    replying, we send an RST (reset) packet.
  • Often called half-open scanning.
  • Difficult to detect.

15
Scanning types
  • UDP scan (-sU): the same as TCP connect but
    using UDP.
  • DNS, DHCP and SNMP are some examples of UDP
    services.
  • It can be combined with -sS.
  • Others
  • Null scan: packets without any flags set.
  • Xmas scan: packets with all flags set.
  • Other options are available on the nmap website.
  • Lab 3: Using nmap.
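A defender-side view of the scan types on these two slides and of the ping-sweep detection mentioned on slide 7, as an added example that is not part of the original deck: a small Python classifier run over constructed flow records, where the record format, the IP addresses and the alert thresholds are assumptions. The Xmas check looks for FIN, PSH and URG (the flags nmap's -sX sets), which also matches a probe with every flag set.

```python
from collections import defaultdict

# Constructed sample records (src, dst, proto, service_port, flags) in sensor order; not
# real traffic. TCP flags use tcpdump letters S A R F P U; "" is a packet with no flags.
SAMPLE = [
    # ping sweep: one source sends ICMP echo requests to several hosts
    ("10.0.0.5", "10.0.0.20", "icmp", None, "echo-request"),
    ("10.0.0.5", "10.0.0.21", "icmp", None, "echo-request"),
    ("10.0.0.5", "10.0.0.22", "icmp", None, "echo-request"),
    # half-open (-sS) probes: SYN, SYN/ACK from the target, then RST from the scanner
    *[pkt for port in (22, 25, 80, 443, 8080) for pkt in (
        ("10.0.0.5", "10.0.0.20", "tcp", port, "S"),
        ("10.0.0.20", "10.0.0.5", "tcp", port, "SA"),
        ("10.0.0.5", "10.0.0.20", "tcp", port, "R"))],
    # one legitimate full handshake (what -sT / connect() produces): SYN, SYN/ACK, ACK
    ("10.0.0.9", "10.0.0.20", "tcp", 80, "S"),
    ("10.0.0.20", "10.0.0.9", "tcp", 80, "SA"),
    ("10.0.0.9", "10.0.0.20", "tcp", 80, "A"),
    ("10.0.0.7", "10.0.0.20", "tcp", 139, ""),     # Null probe: no flags
    ("10.0.0.7", "10.0.0.20", "tcp", 445, "FPU"),  # Xmas probe: FIN/PSH/URG
]

def detect_scans(records, port_threshold=5, host_threshold=3):
    """Map alert type -> sorted source IPs for the scan patterns described on the slides."""
    icmp_targets = defaultdict(set)   # src -> hosts it sent echo requests to
    flows = defaultdict(set)          # (src, dst, port) -> flag strings sent by src
    alerts = defaultdict(set)
    for src, dst, proto, port, flags in records:
        if proto == "icmp" and flags == "echo-request":
            icmp_targets[src].add(dst)
        elif proto == "tcp":
            if flags == "":
                alerts["null_scan"].add(src)
            elif {"F", "P", "U"} <= set(flags):   # also matches an "all flags up" probe
                alerts["xmas_scan"].add(src)
            flows[(src, dst, port)].add(flags)
    # A SYN never followed by an ACK from the same side is an unfinished handshake: a
    # half-open probe (SYN -> SYN/ACK -> RST) or a SYN to a closed port. Many of them from
    # one source to distinct ports is the -sS signature; a connect() scan completes the ACK.
    unfinished = defaultdict(set)
    for (src, dst, port), sent in flows.items():
        if "S" in sent and not any("A" in f for f in sent):
            unfinished[src].add((dst, port))
    for src, targets in unfinished.items():
        if len(targets) >= port_threshold:
            alerts["half_open_scan"].add(src)
    for src, hosts in icmp_targets.items():
        if len(hosts) >= host_threshold:
            alerts["ping_sweep"].add(src)
    return {kind: sorted(srcs) for kind, srcs in alerts.items()}
```

Running `detect_scans(SAMPLE)` flags 10.0.0.5 for both the ping sweep and the half-open scan, 10.0.0.7 for the Null and Xmas probes, and leaves the completed connection from 10.0.0.9 alone.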

16
Summary
  • Scanning is a method adopted by administrators
    and crackers alike to discover more about a
    network
  • There are various scan types - SYN, FIN, Connect,
    ACK, RPC, Inverse Mapping, FTP Bounce, Idle Host
    etc. The use of a particular scan type depends on
    the objective at hand.
  • Nmap is the supertool that will allow us to do
    almost everything about scanning.