Your SlideShare is downloading. ×
0
Introduction to Vulnerablity Assessments Using NMap
Introduction to Vulnerablity Assessments Using NMap
Introduction to Vulnerablity Assessments Using NMap
Introduction to Vulnerablity Assessments Using NMap
Introduction to Vulnerablity Assessments Using NMap
Introduction to Vulnerablity Assessments Using NMap
Introduction to Vulnerablity Assessments Using NMap
Introduction to Vulnerablity Assessments Using NMap
Introduction to Vulnerablity Assessments Using NMap
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Introduction to Vulnerablity Assessments Using NMap

1,212

Published on

Published in: Technology
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
1,212
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
30
Comments
0
Likes
1
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide
  • TCP SYN Scan: I send a SYN, You send either a RST or a SYN/ACK. Most common type of scan, aka “TCP Half-Open”TCP CONNECT SCAN: I send a SYN, You send RST or SYN/ACK, I send ACKTCP Bad Flags Scan: I send an illegal TCP Flags Packet, you send a RST or NothingTCP ACK Scan: I send an ACK, you send a RST or NothingUDP Scans: I send a UDP Packet, you send back ICMP Unreachable, or Response, or Nothing
  • Transcript

    • 1. Introduction to Vulnerability Analysis and Assessment Using Nmap (Network Mapper)<br />By: Lance Howell<br />
    • 2. Vulnerability Assessment: The Process<br />Reconnaissance: Discover the Network<br />Enumerate the Devices on the Network<br />Determine the Services on the Devices<br />Verify Known Vulnerabilities<br />Report on Vulnerabilities<br />Repeat Over and Over<br />
    • 3. Common Vulnerabilities to Watch<br />Phishing<br />Virus Infected E-Mail<br />Buffer Overflows (HTTPD, SSHD, FTPD, RPC-DCOM)<br />Web Server Software (CGI’s, PHP)<br />Client Browsers (XSS, Javascript, ActiveX)<br />P2P Download Viruses<br />Brute Force Password Attacks<br />Password Sniffing<br />
    • 4. Common Tools Used in Vulnerability Assessments<br />Reconnaissance Tools <br />DNS (dig, nslookup)<br />Google<br />Whois<br />Enumeration Tools (Network Scanners)<br />nmap: http://insecure.org/<br />scanudp: http://www.geocities.com/fryxar/<br />scanrand (paketto) http://www.doxpara.com<br />Vulnerability Scanners<br />nessus: http://www.nessus.org/<br />nikto: http://www.cirt.net/<br />nsat: http://nsat.sourceforge.net/<br />n-stealth<br />hydra<br />xscan/xspy<br />
    • 5. nmap<br />http://insecure.org<br />Supports many different types of scans<br />More than just a port scanner<br />OS Fingerprinting <br />Version of the Service Running<br />Additional NMAP Scripting Engine Capabilities<br />
    • 6. Scan Types<br />TCP SYN Scan<br />TCP CONNECT Scan<br />TCP Bad Flags Scan<br />TCP ACK Scan<br />UDP Scans<br />
    • 7. Port Options<br />Do you really want to scan all of the ports from 0-65535????<br />Allows mixtures of UDP and TCP<br />Ex. –sU –sS –p U:53, 111, 137, T: 21-25, 80, 139, 8080<br />By default: 2300 Services Checked<br />/usr/share/nmap/nmap-services<br />Ex. –p F<br />
    • 8. OS and Services Detection<br />OS Version Determined by Observing Unique OS IP Behaviors. Features including: timestamps, sequence numbers, window size, ICMP, fragmentation<br />Ex. –O<br />Service Version Matches Regular Expressions in Response Packets<br />/usr/share/nmap/nmap-service-probes<br />Ex. –sV<br />Ex. –version-light<br />Ex. –version-all<br />

    ×