Reconnaissance & Scanning

Reconnaissance & Scanning By Letian Li ISQS 6342 (Spring 2003) Professor John Durrett

Reconnaissance ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Low-Technology Reconnaissance ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Search the Fine Web (STFW) ,[object Object],[object Object],[object Object]

Searching an organization’s own web site ,[object Object],[object Object],[object Object],[object Object],[object Object]

The Fine Art of using search engines ,[object Object],[object Object],[object Object]

Listening in at the Virtual Watering Hole: Usenet ,[object Object],[object Object],[object Object]

Defenses against web-based Reconnaissance ,[object Object],[object Object],[object Object],[object Object]

Whois Databases: treasure Chests of Information ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

IP Address Assignments through ARIN ,[object Object],[object Object],[object Object],[object Object]

Defenses against Whois Searches ,[object Object],[object Object],[object Object],[object Object]

Defenses against Whois Searches ,[object Object]

The Domain Name System ,[object Object],[object Object]

Interrogating DNS Servers ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Defenses from DNS-Based Reconnaissance ,[object Object],[object Object],[object Object]

We’ve got the registrar, now what? ,[object Object],[object Object],[object Object],[object Object]

We’ve got the registrar, now what? (cont.) ,[object Object],[object Object],[object Object],[object Object]

We’ve got the registrar, now what? (cont.) ,[object Object],[object Object],[object Object],[object Object],[object Object]

General Purpose Reconnaissance Tools ,[object Object],[object Object],[object Object],[object Object]

Sam Spade’s Capabilities ,[object Object],[object Object],[object Object],[object Object],[object Object]

Sam Spade’s Capabilities (cont.) ,[object Object],[object Object],[object Object],[object Object]

General Purpose Reconnaissance Tools (cont.) ,[object Object],[object Object],[object Object]

Web-Based reconnaissance tools: Research and Attack Portals ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Scanning ,[object Object],[object Object],[object Object],[object Object],[object Object]

War Dialing ,[object Object],[object Object],[object Object]

War Dialer vs. Demon Dialer ,[object Object],[object Object],[object Object]

A Toxic Recipe: Modems, remote Access Products, and Clueless Users ,[object Object],[object Object],[object Object]

Finding Telephone Numbers to Feed into a War Dialer ,[object Object],[object Object],[object Object],[object Object],[object Object]

War-Dialing Tools ,[object Object],[object Object],[object Object],[object Object],[object Object]

The War Dialer provides a List of Lines with Modems: Now What? ,[object Object],[object Object]

Defenses against War Dialing ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Network Mapping ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Common Network Mapping ,[object Object],[object Object]

Sweeping: finding Live Hosts ,[object Object],[object Object],[object Object],[object Object]

Sweeping: finding Live Hosts (cont.) ,[object Object],[object Object],[object Object]

Traceroute: What Are the Hops ? ,[object Object],[object Object],[object Object],[object Object],[object Object]

Cheops: A Nifty Network Mapper and General-Purpose Management Tool ,[object Object],[object Object]

Defenses against Network Mapping ,[object Object],[object Object],[object Object]

Determining Open Ports Using Port Scanners ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Nmap: A Full-Featured Port Scanning Tool ,[object Object]

Common Type of Nmap Scans ,[object Object],[object Object],[object Object],[object Object],[object Object]

The Polite scan: TCP Connect ,[object Object],[object Object],[object Object],[object Object]

A Little Stealthier: TCP SYN Scans ,[object Object],[object Object],[object Object],[object Object],[object Object]

Violate the protocol Spec: TCP FIN, Xmas Tree, and Null Scans ,[object Object],[object Object],[object Object],[object Object],[object Object]

Kicking the ball Past the Goalie: TCP ACK Scans

Obscure the Source: FTP Bounce Scans ,[object Object],[object Object],[object Object],[object Object]

Don’t Forget UDP! ,[object Object],[object Object],[object Object]

Setting Source Ports for a successful Scan ,[object Object],[object Object],[object Object]

Defenses against port Scanning ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Vulnerability Scanning Tools ,[object Object],[object Object],[object Object],[object Object]

Vulnerability Scanning Defenses ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Vulnerability Scanning Defenses ,[object Object],[object Object],[object Object],[object Object]

Intrusion Detection System ,[object Object],[object Object],[object Object],[object Object]

Evade Network-Based Intrusion Detection Systems ,[object Object],[object Object]

IDS Evasion at the Network Level ,[object Object],[object Object],[object Object],[object Object]

IDS Evasion Defenses ,[object Object],[object Object],[object Object],[object Object],[object Object]

References ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

References (cont.) ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Reconnaissance & Scanning

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (20)

Similar to Reconnaissance & Scanning

Similar to Reconnaissance & Scanning (20)

More from amiable_indian

More from amiable_indian (20)

Recently uploaded

Recently uploaded (20)

Reconnaissance & Scanning