Your SlideShare is downloading. ×
Introduction to Vulnerablity Assessments Using NMap
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Introducing the official SlideShare app

Stunning, full-screen experience for iPhone and Android

Text the download link to your phone

Standard text messaging rates apply

Introduction to Vulnerablity Assessments Using NMap

1,179
views

Published on

Published in: Technology

0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
1,179
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
29
Comments
0
Likes
1
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide
  • TCP SYN Scan: I send a SYN, You send either a RST or a SYN/ACK. Most common type of scan, aka “TCP Half-Open”TCP CONNECT SCAN: I send a SYN, You send RST or SYN/ACK, I send ACKTCP Bad Flags Scan: I send an illegal TCP Flags Packet, you send a RST or NothingTCP ACK Scan: I send an ACK, you send a RST or NothingUDP Scans: I send a UDP Packet, you send back ICMP Unreachable, or Response, or Nothing
  • Transcript

    • 1. Introduction to Vulnerability Analysis and Assessment Using Nmap (Network Mapper)
      By: Lance Howell
    • 2. Vulnerability Assessment: The Process
      Reconnaissance: Discover the Network
      Enumerate the Devices on the Network
      Determine the Services on the Devices
      Verify Known Vulnerabilities
      Report on Vulnerabilities
      Repeat Over and Over
    • 3. Common Vulnerabilities to Watch
      Phishing
      Virus Infected E-Mail
      Buffer Overflows (HTTPD, SSHD, FTPD, RPC-DCOM)
      Web Server Software (CGI’s, PHP)
      Client Browsers (XSS, Javascript, ActiveX)
      P2P Download Viruses
      Brute Force Password Attacks
      Password Sniffing
    • 4. Common Tools Used in Vulnerability Assessments
      Reconnaissance Tools
      DNS (dig, nslookup)
      Google
      Whois
      Enumeration Tools (Network Scanners)
      nmap: http://insecure.org/
      scanudp: http://www.geocities.com/fryxar/
      scanrand (paketto) http://www.doxpara.com
      Vulnerability Scanners
      nessus: http://www.nessus.org/
      nikto: http://www.cirt.net/
      nsat: http://nsat.sourceforge.net/
      n-stealth
      hydra
      xscan/xspy
    • 5. nmap
      http://insecure.org
      Supports many different types of scans
      More than just a port scanner
      OS Fingerprinting
      Version of the Service Running
      Additional NMAP Scripting Engine Capabilities
    • 6. Scan Types
      TCP SYN Scan
      TCP CONNECT Scan
      TCP Bad Flags Scan
      TCP ACK Scan
      UDP Scans
    • 7. Port Options
      Do you really want to scan all of the ports from 0-65535????
      Allows mixtures of UDP and TCP
      Ex. –sU –sS –p U:53, 111, 137, T: 21-25, 80, 139, 8080
      By default: 2300 Services Checked
      /usr/share/nmap/nmap-services
      Ex. –p F
    • 8. OS and Services Detection
      OS Version Determined by Observing Unique OS IP Behaviors. Features including: timestamps, sequence numbers, window size, ICMP, fragmentation
      Ex. –O
      Service Version Matches Regular Expressions in Response Packets
      /usr/share/nmap/nmap-service-probes
      Ex. –sV
      Ex. –version-light
      Ex. –version-all